June 2023 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2023-Jun 2023-Jun Final 1.0 86 2026-02-18T03:13:30 June 2023 Security Updates 2023-06-13T07:00:00 2026-02-18T03:13:30 <h2 id="this-release-consists-of-the-following-79-microsoft-cves">This release consists of the following 79 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Azure DevOps</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21565">CVE-2023-21565</a></td> <td>7.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure DevOps</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21569">CVE-2023-21569</a></td> <td>5.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24895">CVE-2023-24895</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24896">CVE-2023-24896</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24897">CVE-2023-24897</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24936">CVE-2023-24936</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows CryptoAPI</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24937">CVE-2023-24937</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows CryptoAPI</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24938">CVE-2023-24938</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28310">CVE-2023-28310</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET Framework</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29326">CVE-2023-29326</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET Core</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29331">CVE-2023-29331</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>NuGet Client</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29337">CVE-2023-29337</a></td> <td>7.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29345">CVE-2023-29345</a></td> <td>6.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29346">CVE-2023-29346</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29349">CVE-2023-29349</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Group Policy</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29351">CVE-2023-29351</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29352">CVE-2023-29352</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SysInternals</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29353">CVE-2023-29353</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DHCP Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29355">CVE-2023-29355</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>SQL Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29356">CVE-2023-29356</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29357">CVE-2023-29357</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows GDI</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29358">CVE-2023-29358</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29359">CVE-2023-29359</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TPM Device Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29360">CVE-2023-29360</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29361">CVE-2023-29361</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29362">CVE-2023-29362</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PGM</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29363">CVE-2023-29363</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Authentication Methods</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29364">CVE-2023-29364</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Codecs Library</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29365">CVE-2023-29365</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Geolocation Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29366">CVE-2023-29366</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows OLE</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29367">CVE-2023-29367</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Filtering</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29368">CVE-2023-29368</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call Runtime</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29369">CVE-2023-29369</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Codecs Library</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29370">CVE-2023-29370</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29371">CVE-2023-29371</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29372">CVE-2023-29372</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows ODBC Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29373">CVE-2023-29373</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Resilient File System (ReFS)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32008">CVE-2023-32008</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Collaborative Translation Framework</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32009">CVE-2023-32009</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Bus Filter Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32010">CVE-2023-32010</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows iSCSI</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32011">CVE-2023-32011</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Container Manager Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32012">CVE-2023-32012</a></td> <td>6.3</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32013">CVE-2023-32013</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PGM</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32014">CVE-2023-32014</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows PGM</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32015">CVE-2023-32015</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Installer</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32016">CVE-2023-32016</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Printer Drivers</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32017">CVE-2023-32017</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hello</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32018">CVE-2023-32018</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32019">CVE-2023-32019</a></td> <td>4.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: DNS Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32020">CVE-2023-32020</a></td> <td>3.7</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SMB</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32021">CVE-2023-32021</a></td> <td>7.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Server Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32022">CVE-2023-32022</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Power Apps</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32024">CVE-2023-32024</a></td> <td>3.0</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32029">CVE-2023-32029</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32030">CVE-2023-32030</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32031">CVE-2023-32031</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32032">CVE-2023-32032</a></td> <td>6.5</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32025">CVE-2023-32025</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32026">CVE-2023-32026</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32027">CVE-2023-32027</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32028">CVE-2023-32028</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33126">CVE-2023-33126</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33128">CVE-2023-33128</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33129">CVE-2023-33129</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33130">CVE-2023-33130</a></td> <td>7.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33131">CVE-2023-33131</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33132">CVE-2023-33132</a></td> <td>6.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33133">CVE-2023-33133</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33135">CVE-2023-33135</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33137">CVE-2023-33137</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33139">CVE-2023-33139</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office OneNote</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33140">CVE-2023-33140</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>ASP .NET</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33141">CVE-2023-33141</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33142">CVE-2023-33142</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33143">CVE-2023-33143</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Code</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33144">CVE-2023-33144</a></td> <td>5.0</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33145">CVE-2023-33145</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33146">CVE-2023-33146</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-26-non-microsoft-cves">We are republishing 26 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2929">CVE-2023-2929</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2930">CVE-2023-2930</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2931">CVE-2023-2931</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2932">CVE-2023-2932</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2933">CVE-2023-2933</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2934">CVE-2023-2934</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2935">CVE-2023-2935</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2936">CVE-2023-2936</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2937">CVE-2023-2937</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2938">CVE-2023-2938</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2939">CVE-2023-2939</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2940">CVE-2023-2940</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2941">CVE-2023-2941</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3079">CVE-2023-3079</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3214">CVE-2023-3214</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3215">CVE-2023-3215</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3216">CVE-2023-3216</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3217">CVE-2023-3217</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Github</td> <td>Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-25815">CVE-2023-25815</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Github</td> <td>Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-25652">CVE-2023-25652</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>AutoDesk</td> <td>Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-27909">CVE-2023-27909</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>AutoDesk</td> <td>Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-27910">CVE-2023-27910</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>AutoDesk</td> <td>Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-27911">CVE-2023-27911</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Github</td> <td>Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29007">CVE-2023-29007</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Github</td> <td>Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29011">CVE-2023-29011</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Github</td> <td>Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29012">CVE-2023-29012</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5027215">5027215</a></td> <td>Windows 10, version 21H2 and Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5027222">5027222</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5027223">5027223</a></td> <td>Windows 11, version 21H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5027225">5027225</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5027231">5027231</a></td> <td>Windows 11, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5027256">5027256</a></td> <td>Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5027275">5027275</a></td> <td>Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5027277">5027277</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5027279">5027279</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2022 version 17.2 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2022 version 17.0 Microsoft Visual Studio 2022 version 17.4 Microsoft Visual Studio 2022 version 17.6 Windows Sysinternals Process Monitor Sysinternals Suite Microsoft Visual Studio 2013 Update 5 Microsoft Visual Studio 2015 Update 3 .NET 7.0 .NET 6.0 PowerShell 7.2 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5 and 4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 and 4.6.2 on Windows 10 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems PowerShell 7.3 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for ARM64-based Systems Azure DevOps Server 2020.1.2 Microsoft Visual Studio 2022 version 17.8 NuGet 6.2.3 NuGet 6.4.1 NuGet 6.5.0 NuGet 6.3.2 NuGet 6.0.4 NuGet 6.6.0 NuGet 5.11.4 Microsoft Visual Studio 2022 version 17.9 YARP 1.0 YARP 2.0 Visual Studio Code Dynamics 365 for Finance and Operations Microsoft Power Apps Microsoft Edge (Chromium-based) Azure DevOps Server 2022 Azure DevOps Server 2022.0.1 Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Office Online Server Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server Subscription Edition Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Outlook 2013 (32-bit editions) Microsoft Outlook 2013 (64-bit editions) Microsoft Outlook 2013 RT Service Pack 1 Microsoft OneNote for Universal Microsoft Visio 2016 (32-bit edition) Microsoft Visio 2016 (64-bit edition) Microsoft ODBC Driver 17 for SQL Server on Linux Microsoft ODBC Driver 18 for SQL Server on Linux Microsoft ODBC Driver 17 for SQL Server on Windows Microsoft ODBC Driver 18 for SQL Server on Windows Microsoft ODBC Driver 17 for SQL Server on MacOS Microsoft ODBC Driver 18 for SQL Server on MacOS Microsoft OLE DB Driver 18 for SQL Server Microsoft OLE DB Driver 19 for SQL Server Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Remote Desktop client for Windows Desktop Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) 3D Viewer CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Outlook 2013 (32-bit editions) Microsoft Outlook 2013 (64-bit editions) Windows Server 2012 Windows Server 2012 (Server Core installation) Microsoft Outlook 2013 RT Service Pack 1 Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Visual Studio 2013 Update 5 Microsoft Visual Studio 2015 Update 3 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Visio 2016 (32-bit edition) Microsoft Visio 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Office Online Server Visual Studio Code Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft Edge (Chromium-based) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) 3D Viewer Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Dynamics 365 for Finance and Operations Remote Desktop client for Windows Desktop Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Visual Studio 2022 version 17.0 PowerShell 7.2 .NET 6.0 YARP 1.0 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Visual Studio 2022 version 17.2 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5 and 4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 and 4.6.2 on Windows 10 for x64-based Systems Microsoft Visual Studio 2022 version 17.4 .NET 7.0 PowerShell 7.3 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Azure DevOps Server 2020.1.2 Azure DevOps Server 2022 Microsoft OLE DB Driver 19 for SQL Server Microsoft OLE DB Driver 18 for SQL Server Microsoft Power Apps Microsoft Visual Studio 2022 version 17.6 YARP 2.0 Azure DevOps Server 2022.0.1 Windows Sysinternals Process Monitor Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft OneNote for Universal Microsoft ODBC Driver 17 for SQL Server on Windows Microsoft ODBC Driver 17 for SQL Server on Linux Microsoft ODBC Driver 17 for SQL Server on MacOS Microsoft ODBC Driver 18 for SQL Server on Windows Microsoft ODBC Driver 18 for SQL Server on Linux Microsoft ODBC Driver 18 for SQL Server on MacOS NuGet 6.0.4 NuGet 6.2.3 NuGet 6.3.2 NuGet 6.4.1 NuGet 6.5.0 NuGet 6.6.0 Sysinternals Suite NuGet 5.11.4 Microsoft Visual Studio 2022 version 17.8 Microsoft Visual Studio 2022 version 17.9 cbl2 kernel 5.15.153.1-1 on CBL Mariner 2.0 azl3 hyperv-daemons 6.6.35.1-1 on Azure Linux 3.0 cbl2 hyperv-daemons 5.15.158.1-1 on CBL Mariner 2.0 cbl2 golang 1.21.6-1 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0 cbl2 cert-manager 1.11.2-14 on CBL Mariner 2.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 cups 2.4.10-1 on Azure Linux 3.0 cm1 kernel 5.10.188.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.122.1-2 on CBL Mariner 2.0 cbl2 kernel 5.15.118.1-2 on CBL Mariner 2.0 cm1 kernel 5.10.185.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.126.1-1 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.126.1-1 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.135.1-1 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.118.1-1 on CBL Mariner 2.0 cm1 libtiff 4.5.1-1 on CBL Mariner 1.0 cbl2 libtiff 4.5.1-1 on CBL Mariner 2.0 cm1 bind 9.16.37-2 on CBL Mariner 1.0 cbl2 bind 9.16.33-2 on CBL Mariner 2.0 cbl2 dhcp 4.4.2-5 on CBL Mariner 2.0 cbl2 kernel 5.15.116.1-2 on CBL Mariner 2.0 cm1 kernel 5.10.183.1-1 on CBL Mariner 1.0 cm1 yajl 2.1.0-18 on CBL Mariner 1.0 cbl2 yajl 2.1.0-19 on CBL Mariner 2.0 azl3 yajl 2.1.0-19 on Azure Linux 3.0 cm1 mozjs60 60.9.0-13 on CBL Mariner 1.0 cbl2 kernel 5.15.116.1-1 on CBL Mariner 2.0 cm1 libcap 2.26-3 on CBL Mariner 1.0 cbl2 libcap 2.60-2 on CBL Mariner 2.0 cm1 opensc 0.22.0-2 on CBL Mariner 1.0 cbl2 opensc 0.22.0-3 on CBL Mariner 2.0 azl3 opensc 0.22.0-3 on Azure Linux 3.0 cbl2 nodejs18 18.17.1-2 on CBL Mariner 2.0 cbl2 nodejs 16.20.1-2 on CBL Mariner 2.0 cbl2 msft-golang 1.19.10-1 on CBL Mariner 2.0 cbl2 golang 1.20.7-1 on CBL Mariner 2.0 azl3 golang 1.22.7-2 on Azure Linux 3.0 cbl2 msft-golang 1.20.7-1 on CBL Mariner 2.0 azl3 golang 1.20.7-1 on Azure Linux 3.0 cbl2 cups 2.3.3op2-7 on CBL Mariner 2.0 azl3 telegraf 1.29.4-1 on Azure Linux 3.0 cbl2 kernel 5.15.137.1-1 on CBL Mariner 2.0 cbl2 telegraf 1.28.5-1 on CBL Mariner 2.0 cbl2 bind 9.16.44-1 on CBL Mariner 2.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 wireshark 4.0.8-1 on CBL Mariner 2.0 cbl2 ruby 3.1.4-2 on CBL Mariner 2.0 cbl2 libX11 1.6.12-6 on CBL Mariner 2.0 cbl2 advancecomp 2.5-1 on CBL Mariner 2.0 cbl2 dbus 1.15.6-1 on CBL Mariner 2.0 cbl2 javapackages-bootstrap 1.5.0-5 on CBL Mariner 2.0 cbl2 guava 25.0-8 on CBL Mariner 2.0 cbl2 helm 3.13.2-1 on CBL Mariner 2.0 azl3 librabbitmq 0.14.0-1 on Azure Linux 3.0 azl3 iniparser 4.1-9 on Azure Linux 3.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 azl3 systemd-bootstrap 250.3-17 on Azure Linux 3.0 azl3 rpm-ostree 2022.1-7 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-14 on Azure Linux 3.0 azl3 dwarves 1.25-2 on Azure Linux 3.0 azl3 telegraf 1.27.3-4 on Azure Linux 3.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 cbl2 golang 1.17.13-2 on CBL Mariner 2.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 azl3 hyperv-daemons 6.6.92.2-1 on Azure Linux 3.0 azl3 javapackages-bootstrap 1.14.0-3 on Azure Linux 3.0 cbl2 maven 3.8.7-3 on CBL Mariner 2.0 azl3 opensc 0.23.0-1 on Azure Linux 3.0 cbl2 cups 2.3.3op2-9 on CBL Mariner 2.0 azl3 libbpf 1.5.0-2 on Azure Linux 3.0 azl3 xdp-tools 1.4.2-1 on Azure Linux 3.0 azl3 cups 2.3.3op2-6 on Azure Linux 3.0 azl3 golang 1.22.7-1 on Azure Linux 3.0 azl3 grpc 1.42.0-7 on Azure Linux 3.0 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Wireshark MSMMS parsing buffer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner AHA Yes CVE-2023-0667 Out-of-bounds Write 18324-16823 18324-16823 Moderate 18324-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18324-16823 CBL-Mariner Releases 18324-16823 No Security Update 4.0.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18324-16823 CBL-Mariner Releases 1.0 2023-06-14T00:00:00 <p>Information published.</p> Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2455 Improper Input Validation 1.1 2024-12-18T00:00:00 <p>Added postgresql to CBL-Mariner 2.0</p> 1.0 2024-07-12T00:00:00 <p>Information published.</p> 1.2 2025-03-12T00:00:00 <p>Added postgresql to CBL-Mariner 2.0</p> libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-25433 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17836-16820 17837-16823 17836-16820 17837-16823 Moderate 17836-16820 Moderate 17837-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17836-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17837-16823 CBL-Mariner Releases 17836-16820 17837-16823 No Security Update 4.5.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17836-16820 17837-16823 CBL-Mariner Releases 1.0 2023-07-03T00:00:00 <p>Information published.</p> libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-25435 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17836-16820 17837-16823 17836-16820 17837-16823 Moderate 17836-16820 Moderate 17837-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17836-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17837-16823 CBL-Mariner Releases 17836-16820 17837-16823 No Security Update 4.5.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17836-16820 17837-16823 CBL-Mariner Releases 1.0 2023-06-26T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error which can exhaust the process memory. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2602 Missing Release of Memory after Effective Lifetime 17851-16823 17851-16823 Low 17851-16823 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17851-16823 CBL-Mariner Releases 17851-16823 No Security Update 2.60-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17851-16823 CBL-Mariner Releases 1.0 2023-06-08T00:00:00 <p>Information published.</p> Consul Envoy Extension Downsteam Proxy Configuration By Upstream Service Owner <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner HashiCorp Yes CVE-2023-2816 Incorrect Privilege Assignment 18268-16823 18164-17084 19664-17084 18268-16823 18164-17084 19664-17084 Moderate 18268-16823 Moderate 18164-17084 19664-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 18268-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 18164-17084 8.7 8.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 19664-17084 CBL-Mariner Releases 18268-16823 No Security Update 1.28.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18268-16823 CBL-Mariner Releases CBL-Mariner Releases 18164-17084 19664-17084 No Security Update 1.29.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18164-17084 19664-17084 CBL-Mariner Releases 1.0 2023-07-17T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Libtiff: null pointer dereference in tif_dir.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2908 NULL Pointer Dereference 17836-16820 17837-16823 17836-16820 17837-16823 Moderate 17836-16820 Moderate 17837-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17836-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17837-16823 CBL-Mariner Releases 17836-16820 17837-16823 No Security Update 4.5.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17836-16820 17837-16823 CBL-Mariner Releases 1.0 2023-07-03T00:00:00 <p>Information published.</p> Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-29404 Improper Control of Generation of Code ('Code Injection') 18315-17084 19785-17086 19668-17086 17667-17084 17375-16823 18137-16823 18138-16823 18139-17084 19778-17086 19712-17086 19693-17084 20239-17084 18315-17084 19785-17086 19668-17086 17667-17084 17375-16823 18137-16823 18138-16823 18139-17084 19778-17086 19712-17086 19693-17084 20239-17084 Critical 18315-17084 Critical 19785-17086 Critical 19668-17086 Critical 17667-17084 Critical 17375-16823 Critical 18137-16823 Critical 18138-16823 Critical 18139-17084 Critical 19778-17086 Critical 19712-17086 Critical 19693-17084 Critical 20239-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18315-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19785-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19668-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17667-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17375-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18137-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18138-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18139-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19778-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19712-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19693-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20239-17084 CBL-Mariner Releases 19785-17086 19778-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19785-17086 19778-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18137-16823 No Security Update 1.19.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18137-16823 CBL-Mariner Releases CBL-Mariner Releases 18138-16823 No Security Update 1.20.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18138-16823 CBL-Mariner Releases CBL-Mariner Releases 18139-17084 20239-17084 No Security Update 1.22.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18139-17084 20239-17084 CBL-Mariner Releases 1.3 2026-02-18T02:42:15 <p>Information published.</p> 1.0 2023-06-14T00:00:00 <p>Information published.</p> 1.1 2024-08-09T00:00:00 <p>Information published.</p> 1.2 2024-10-05T00:00:00 <p>Information published.</p> A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2961 Improper Input Validation 18351-16823 18351-16823 Low 18351-16823 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 18351-16823 CBL-Mariner Releases 18351-16823 No Security Update 2.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18351-16823 CBL-Mariner Releases 1.0 2023-06-22T00:00:00 <p>Information published.</p> Use of temporary directory for file creation in `FileBackedOutputStream` in Guava <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-2976 Files or Directories Accessible to External Parties 19822-17084 18353-16823 18354-16823 19830-17086 19822-17084 18353-16823 18354-16823 19830-17086 Moderate 19822-17084 Important 18353-16823 Important 18354-16823 Moderate 19830-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19822-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 18353-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 18354-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19830-17086 CBL-Mariner Releases 19822-17084 No Security Update 1.14.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19822-17084 CBL-Mariner Releases CBL-Mariner Releases 18353-16823 No Security Update 1.5.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18353-16823 CBL-Mariner Releases CBL-Mariner Releases 18354-16823 No Security Update 25.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18354-16823 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-07-12T00:00:00 <p>Information published.</p> A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request Event or Error IDs are within the bounds of the arrays that those functions write to using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself possibly causing the client to crash with this memory corruption. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3138 Out-of-bounds Write 18350-16823 18350-16823 Important 18350-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18350-16823 CBL-Mariner Releases 18350-16823 No Security Update 1.6.12-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18350-16823 CBL-Mariner Releases 1.0 2023-06-29T00:00:00 <p>Information published.</p> A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3212 NULL Pointer Dereference 17831-16820 17830-16823 17831-16820 17830-16823 Moderate 17831-16820 Moderate 17830-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17831-16820 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17830-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases 1.0 2023-07-05T00:00:00 <p>Information published.</p> OpenPrinting CUPS vulnerable to heap buffer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-32324 Out-of-bounds Write 19950-17086 20071-17084 18159-16823 17722-17084 19950-17086 20071-17084 18159-16823 17722-17084 Moderate 19950-17086 Moderate 20071-17084 Moderate 18159-16823 Moderate 17722-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19950-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20071-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18159-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17722-17084 CBL-Mariner Releases 19950-17086 18159-16823 No Security Update 2.3.3op2-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19950-17086 18159-16823 CBL-Mariner Releases CBL-Mariner Releases 20071-17084 17722-17084 No Security Update 2.4.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20071-17084 17722-17084 CBL-Mariner Releases 1.0 2024-04-01T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 2.2 2026-02-18T01:52:50 <p>Information published.</p> Information leak in gRPC <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-32731 Expected Behavior Violation 20279-17084 19693-17084 20279-17084 19693-17084 Important 20279-17084 Important 19693-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 20279-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 19693-17084 CBL-Mariner Releases 20279-17084 No Security Update 1.62.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20279-17084 CBL-Mariner Releases 1.1 2026-02-18T03:13:30 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner JFROG Yes CVE-2023-3316 NULL Pointer Dereference 17836-16820 17837-16823 17836-16820 17837-16823 Moderate 17836-16820 Moderate 17837-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17836-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17837-16823 CBL-Mariner Releases 17836-16820 17837-16823 No Security Update 4.5.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17836-16820 17837-16823 CBL-Mariner Releases 1.0 2023-06-26T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3357 NULL Pointer Dereference 17831-16820 17830-16823 17831-16820 17830-16823 Moderate 17831-16820 Moderate 17830-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17831-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17830-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases 1.0 2023-07-07T00:00:00 <p>Information published.</p> A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object potentially leading to a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner fedora Yes CVE-2023-3439 Use After Free 17831-16820 17832-16823 17833-16823 17831-16820 17832-16823 17833-16823 Moderate 17831-16820 Moderate 17832-16823 Moderate 17833-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17831-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17832-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17833-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17832-16823 17833-16823 No Security Update 5.15.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17832-16823 17833-16823 CBL-Mariner Releases 1.0 2023-07-07T00:00:00 <p>Information published.</p> 1.1 2023-07-05T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-35826 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17823-16820 17327-16823 17824-16823 17823-16820 17327-16823 17824-16823 Important 17823-16820 Important 17327-16823 Important 17824-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17823-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17327-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17327-16823 No Security Update 5.15.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17327-16823 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-06-27T00:00:00 <p>Information published.</p> 1.1 2023-06-28T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> 1.2 2023-07-05T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> Rejected reason: Duplicate of CVE-2023-3390. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3117 17823-16820 17830-16823 17823-16820 17830-16823 Important 17823-16820 Important 17830-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:31 <p>Information published.</p> Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range when untrusted user data is provided as a range. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner snyk Yes CVE-2022-25883 Inefficient Regular Expression Complexity 19693-17084 19712-17086 19693-17084 19712-17086 Important 19693-17084 Important 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 1.1 2026-02-18T02:42:00 <p>Information published.</p> 1.0 2023-06-26T00:00:00 <p>Information published.</p> iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-33461 NULL Pointer Dereference 18419-17084 18419-17084 Moderate 18419-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18419-17084 CBL-Mariner Releases 18419-17084 No Security Update 4.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18419-17084 CBL-Mariner Releases 1.0 2025-05-27T00:00:00 <p>Information published.</p> An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-35789 Insufficiently Protected Credentials 18409-17084 18409-17084 Moderate 18409-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18409-17084 CBL-Mariner Releases 18409-17084 No Security Update 0.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18409-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-29547 18469-17084 18469-17084 18469-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 18469-17084 1.0 2025-09-03T21:28:36 <p>Information published.</p> A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-23604 18469-17084 18469-17084 18469-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 18469-17084 1.0 2025-09-03T21:48:25 <p>Information published.</p> Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-25731 18469-17084 18469-17084 18469-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-03T22:04:26 <p>Information published.</p> An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-29543 Use After Free 18469-17084 18469-17084 18469-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-03T22:12:19 <p>Information published.</p> Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-29537 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 18469-17084 18469-17084 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-03T23:36:01 <p>Information published.</p> Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-34417 Out-of-bounds Write 19686-17084 18469-17084 19686-17084 18469-17084 19686-17084 18469-17084 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19686-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-03T23:40:46 <p>Information published.</p> Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-32208 18469-17084 18469-17084 18469-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 18469-17084 1.0 2025-09-04T00:00:17 <p>Information published.</p> A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1206 Uncontrolled Resource Consumption 17832-16823 17832-16823 Moderate 17832-16823 5.7 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17832-16823 CBL-Mariner Releases 17832-16823 No Security Update 5.15.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17832-16823 CBL-Mariner Releases 1.0 2023-07-11T00:00:00 <p>Information published.</p> Privilege escalation with IO_RING_OP_CLOSE in the Linux Kernel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-1295 Time-of-check Time-of-use (TOCTOU) Race Condition 17823-16820 17823-16820 Important 17823-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17823-16820 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases 1.0 2023-07-08T00:00:00 <p>Information published.</p> A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n` causing the allocation of a massive string array possibly causing a denial of service through excessive use of memory. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2253 Allocation of Resources Without Limits or Throttling 18355-16823 17402-16823 19346-17084 18355-16823 17402-16823 19346-17084 Moderate 18355-16823 Moderate 17402-16823 19346-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18355-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17402-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19346-17084 CBL-Mariner Releases 18355-16823 No Security Update 3.13.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18355-16823 CBL-Mariner Releases CBL-Mariner Releases 17402-16823 No Security Update 1.11.2-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17402-16823 CBL-Mariner Releases 1.0 2023-06-08T00:00:00 <p>Information published.</p> 1.1 2023-06-07T00:00:00 <p>Information published.</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 1.3 2024-08-25T00:00:00 <p>Information published.</p> 1.4 2024-08-26T00:00:00 <p>Information published.</p> 1.5 2024-08-27T00:00:00 <p>Information published.</p> 1.6 2024-08-28T00:00:00 <p>Information published.</p> 1.7 2024-08-29T00:00:00 <p>Information published.</p> 1.8 2024-08-30T00:00:00 <p>Information published.</p> 1.9 2024-08-31T00:00:00 <p>Information published.</p> 2.0 2024-09-01T00:00:00 <p>Information published.</p> 2.1 2024-09-02T00:00:00 <p>Information published.</p> 2.2 2024-09-03T00:00:00 <p>Information published.</p> 2.3 2024-09-05T00:00:00 <p>Information published.</p> 2.4 2024-09-06T00:00:00 <p>Information published.</p> 2.5 2024-09-07T00:00:00 <p>Information published.</p> 2.6 2024-09-08T00:00:00 <p>Information published.</p> 2.7 2024-09-11T00:00:00 <p>Information published.</p> 2.8 2024-09-13T00:00:00 <p>Information published.</p> 2.9 2024-10-12T00:00:00 <p>Information published.</p> 3.0 2024-12-03T00:00:00 <p>Added cert-manager to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added moby-engine to Azure Linux 3.0</p> libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-25434 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17836-16820 17837-16823 17836-16820 17837-16823 Important 17836-16820 Important 17837-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17836-16820 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17837-16823 CBL-Mariner Releases 17836-16820 17837-16823 No Security Update 4.5.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17836-16820 17837-16823 CBL-Mariner Releases 1.0 2023-06-19T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2598 Out-of-bounds Write 17844-16820 17849-16823 17844-16820 17849-16823 Important 17844-16820 Important 17849-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17844-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17849-16823 CBL-Mariner Releases 17844-16820 No Security Update 5.10.183.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17844-16820 CBL-Mariner Releases CBL-Mariner Releases 17849-16823 No Security Update 5.15.116.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17849-16823 CBL-Mariner Releases 1.0 2023-06-08T00:00:00 <p>Information published.</p> A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2603 Integer Overflow or Wraparound 17850-16820 17851-16823 17850-16820 17851-16823 Important 17850-16820 Important 17851-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17850-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17851-16823 CBL-Mariner Releases 17850-16820 No Security Update 2.26-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17850-16820 CBL-Mariner Releases CBL-Mariner Releases 17851-16823 No Security Update 2.60-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17851-16823 CBL-Mariner Releases 1.0 2023-06-08T00:00:00 <p>Information published.</p> 1.1 2023-06-07T00:00:00 <p>Information published.</p> loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26965 Out-of-bounds Write 17836-16820 17837-16823 17836-16820 17837-16823 Moderate 17836-16820 Moderate 17837-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17836-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17837-16823 CBL-Mariner Releases 17836-16820 17837-16823 No Security Update 4.5.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17836-16820 17837-16823 CBL-Mariner Releases 1.0 2023-06-19T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26966 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17836-16820 17837-16823 17836-16820 17837-16823 Moderate 17836-16820 Moderate 17837-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17836-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17837-16823 CBL-Mariner Releases 17836-16820 17837-16823 No Security Update 4.5.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17836-16820 17837-16823 CBL-Mariner Releases 1.0 2023-07-03T00:00:00 <p>Information published.</p> named's configured cache size limit can be significantly exceeded <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2023-2828 Allocation of Resources Without Limits or Throttling 17838-16820 17839-16823 17840-16823 17838-16820 17839-16823 17840-16823 Important 17838-16820 Important 17839-16823 Important 17840-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17838-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17839-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17840-16823 CBL-Mariner Releases 17838-16820 No Security Update 9.16.37-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17838-16820 CBL-Mariner Releases CBL-Mariner Releases 17839-16823 No Security Update 9.16.33-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17839-16823 CBL-Mariner Releases CBL-Mariner Releases 17840-16823 No Security Update 4.4.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17840-16823 CBL-Mariner Releases 1.0 2023-06-26T00:00:00 <p>Information published.</p> 1.1 2023-06-27T00:00:00 <p>Added bind to CBL-Mariner 2.0</p> Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2023-2829 18308-16823 18308-16823 Important 18308-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18308-16823 CBL-Mariner Releases 18308-16823 No Security Update 9.16.44-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18308-16823 CBL-Mariner Releases 1.0 2023-07-04T00:00:00 <p>Information published.</p> Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2023-2911 Out-of-bounds Write 18308-16823 18308-16823 Important 18308-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18308-16823 CBL-Mariner Releases 18308-16823 No Security Update 9.16.44-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18308-16823 CBL-Mariner Releases 1.0 2023-06-27T00:00:00 <p>Information published.</p> Code injection via go command with cgo in cmd/go <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-29402 Improper Control of Generation of Code ('Code Injection') 19778-17086 19785-17086 19668-17086 19693-17084 20239-17084 17375-16823 18137-16823 18138-16823 18139-17084 17667-17084 19712-17086 19778-17086 19785-17086 19668-17086 19693-17084 20239-17084 17375-16823 18137-16823 18138-16823 18139-17084 17667-17084 19712-17086 Critical 19778-17086 Critical 19785-17086 Critical 19668-17086 Critical 19693-17084 Critical 20239-17084 Critical 17375-16823 Critical 18137-16823 Critical 18138-16823 Critical 18139-17084 Critical 17667-17084 Critical 19712-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19778-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19785-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19668-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19693-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20239-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17375-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18137-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18138-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18139-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17667-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19712-17086 CBL-Mariner Releases 19778-17086 19785-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 CBL-Mariner Releases CBL-Mariner Releases 20239-17084 18139-17084 No Security Update 1.22.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20239-17084 18139-17084 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18137-16823 No Security Update 1.19.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18137-16823 CBL-Mariner Releases CBL-Mariner Releases 18138-16823 No Security Update 1.20.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18138-16823 CBL-Mariner Releases 1.2 2024-10-05T00:00:00 <p>Information published.</p> 1.3 2026-02-18T02:30:46 <p>Information published.</p> 1.0 2023-06-12T00:00:00 <p>Information published.</p> 1.1 2024-08-09T00:00:00 <p>Information published.</p> A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2977 Out-of-bounds Read 17852-16820 17853-16823 17854-17084 19857-17084 17852-16820 17853-16823 17854-17084 19857-17084 Important 17852-16820 Important 17853-16823 Important 17854-17084 Important 19857-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17852-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17853-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17854-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19857-17084 CBL-Mariner Releases 17852-16820 No Security Update 0.22.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17852-16820 CBL-Mariner Releases CBL-Mariner Releases 17853-16823 17854-17084 No Security Update 0.22.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17853-16823 17854-17084 CBL-Mariner Releases CBL-Mariner Releases 19857-17084 No Security Update 0.25.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19857-17084 CBL-Mariner Releases 1.0 2023-06-06T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-18T01:18:40 <p>Information published.</p> A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2985 Use After Free 17844-16820 17849-16823 17844-16820 17849-16823 Moderate 17844-16820 Moderate 17849-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17844-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17849-16823 CBL-Mariner Releases 17844-16820 No Security Update 5.10.183.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17844-16820 CBL-Mariner Releases CBL-Mariner Releases 17849-16823 No Security Update 5.15.116.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17849-16823 CBL-Mariner Releases 1.0 2023-06-08T00:00:00 <p>Information published.</p> The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3 only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16 v18 and v20 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-30589 17866-16823 17867-16823 19671-17084 19686-17084 17866-16823 17867-16823 19671-17084 19686-17084 Important 17866-16823 Important 17867-16823 Important 19671-17084 Important 19686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17866-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17867-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19671-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19686-17084 CBL-Mariner Releases 17866-16823 No Security Update 18.17.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17866-16823 CBL-Mariner Releases CBL-Mariner Releases 17867-16823 No Security Update 16.20.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17867-16823 CBL-Mariner Releases 1.1 2026-02-18T01:57:15 <p>Information published.</p> 1.0 2023-07-01T00:00:00 <p>Information published.</p> Out-of-bounds write in Linux kernel's ipvlan network driver <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-3090 Out-of-bounds Write 17831-16820 17830-16823 17831-16820 17830-16823 Important 17831-16820 Important 17830-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17831-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17830-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases 1.0 2023-07-07T00:00:00 <p>Information published.</p> A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3111 Use After Free 17841-16823 17841-16823 Important 17841-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17841-16823 CBL-Mariner Releases 17841-16823 No Security Update 5.15.116.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17841-16823 CBL-Mariner Releases 1.0 2023-06-10T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect possibly leading to a kernel information leak. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3141 Use After Free 17841-16823 17841-16823 Important 17841-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17841-16823 CBL-Mariner Releases 17841-16823 No Security Update 5.15.116.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17841-16823 CBL-Mariner Releases 1.0 2023-06-17T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3159 Use After Free 17844-16820 17841-16823 17844-16820 17841-16823 Moderate 17844-16820 Moderate 17841-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17844-16820 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17841-16823 CBL-Mariner Releases 17844-16820 No Security Update 5.10.183.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17844-16820 CBL-Mariner Releases CBL-Mariner Releases 17841-16823 No Security Update 5.15.116.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17841-16823 CBL-Mariner Releases 1.0 2023-06-21T00:00:00 <p>Information published.</p> 1.1 2023-06-30T00:00:00 <p>Information published.</p> A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font since there are no checks in place a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3161 Incorrect Calculation 17844-16820 17841-16823 17844-16820 17841-16823 Moderate 17844-16820 Moderate 17841-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17844-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17841-16823 CBL-Mariner Releases 17844-16820 No Security Update 5.10.183.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17844-16820 CBL-Mariner Releases CBL-Mariner Releases 17841-16823 No Security Update 5.15.116.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17841-16823 CBL-Mariner Releases 1.0 2023-06-23T00:00:00 <p>Information published.</p> 1.1 2023-06-22T00:00:00 <p>Information published.</p> 1.2 2023-06-30T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3220 NULL Pointer Dereference 17831-16820 17830-16823 17831-16820 17830-16823 Moderate 17831-16820 Moderate 17830-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17831-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17830-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases 1.0 2023-06-28T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3268 Out-of-bounds Read 17823-16820 17824-16823 17823-16820 17824-16823 Important 17823-16820 Important 17824-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17823-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-06-27T00:00:00 <p>Information published.</p> Denial-of-Service in gRPC <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-32732 Expected Behavior Violation 20279-17084 17667-17084 19712-17086 19693-17084 19668-17086 20279-17084 17667-17084 19712-17086 19693-17084 19668-17086 Moderate 20279-17084 Moderate 17667-17084 Moderate 19712-17086 Moderate 19693-17084 Moderate 19668-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20279-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17667-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19712-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19693-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19668-17086 CBL-Mariner Releases 20279-17084 No Security Update 1.62.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20279-17084 CBL-Mariner Releases CBL-Mariner Releases 19693-17084 No Security Update 2.16.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19693-17084 CBL-Mariner Releases 1.1 2026-02-18T03:12:57 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw during device unbind will lead to double release problem leading to denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3312 Double Free 17831-16820 17830-16823 17831-16820 17830-16823 Important 17831-16820 Important 17830-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17831-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17830-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases 1.0 2023-06-28T00:00:00 <p>Information published.</p> 1.1 2023-07-05T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after 'features' memory release. This vulnerability could even lead to a kernel information leak problem. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3317 Use After Free 17823-16820 17824-16823 17823-16820 17824-16823 Important 17823-16820 Important 17824-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17823-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-07-06T00:00:00 <p>Information published.</p> 1.1 2023-06-27T00:00:00 <p>Information published.</p> Crash due to a null pointer dereference in the dn_nsp_send function <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3338 NULL Pointer Dereference 19797-17084 19991-17084 19998-17084 18259-16823 17327-16823 16989-17084 19405-17084 18547-17084 19797-17084 19991-17084 19998-17084 18259-16823 17327-16823 16989-17084 19405-17084 18547-17084 Moderate 19797-17084 Moderate 19991-17084 Moderate 19998-17084 Moderate 18259-16823 Moderate 17327-16823 Moderate 16989-17084 Moderate 19405-17084 Moderate 18547-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19797-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19991-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19998-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18259-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17327-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16989-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19405-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18547-17084 CBL-Mariner Releases 19797-17084 16989-17084 No Security Update 6.6.35.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19797-17084 16989-17084 CBL-Mariner Releases CBL-Mariner Releases 18259-16823 No Security Update 5.15.137.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18259-16823 CBL-Mariner Releases CBL-Mariner Releases 17327-16823 No Security Update 5.15.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17327-16823 CBL-Mariner Releases CBL-Mariner Releases 18547-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18547-17084 CBL-Mariner Releases 1.3 2026-02-18T01:38:25 <p>Information published.</p> 1.0 2023-10-27T00:00:00 <p>Information published.</p> 1.1 2023-07-31T00:00:00 <p>Information published.</p> 1.2 2024-08-15T00:00:00 <p>Information published.</p> There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-33460 Missing Release of Memory after Effective Lifetime 17845-16820 17846-16823 17847-17084 17845-16820 17846-16823 17847-17084 Moderate 17845-16820 Moderate 17846-16823 Moderate 17847-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17845-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17846-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17847-17084 CBL-Mariner Releases 17845-16820 No Security Update 2.1.0-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17845-16820 CBL-Mariner Releases CBL-Mariner Releases 17846-16823 17847-17084 No Security Update 2.1.0-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17846-16823 17847-17084 CBL-Mariner Releases 1.0 2023-06-13T00:00:00 <p>Information published.</p> 1.1 2023-06-14T00:00:00 <p>Added yajl to CBL-Mariner 1.0</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> Null pointer dereference in submit_lookup_cmds() in drivers/gpu/drm/msm/msm_gem_submit.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3355 NULL Pointer Dereference 17831-16820 17830-16823 17831-16820 17830-16823 Moderate 17831-16820 Moderate 17830-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17831-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17830-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases 1.0 2023-07-08T00:00:00 <p>Information published.</p> A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3358 NULL Pointer Dereference 17831-16820 17830-16823 17831-16820 17830-16823 Moderate 17831-16820 Moderate 17830-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17831-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17830-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases 1.0 2023-07-07T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Lacks for the check of the return value of kzalloc() can cause the NULL Pointer Dereference. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3359 NULL Pointer Dereference 17831-16820 17830-16823 17835-16823 17831-16820 17830-16823 17835-16823 Moderate 17831-16820 Moderate 17830-16823 Moderate 17835-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17831-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17830-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17835-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases CBL-Mariner Releases 17835-16823 No Security Update 5.15.118.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17835-16823 CBL-Mariner Releases 1.0 2023-07-07T00:00:00 <p>Information published.</p> 1.1 2023-07-05T00:00:00 <p>Information published.</p> Use after free in io_uring in the Linux Kernel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-3389 Use After Free 17831-16820 17834-16823 17824-16823 17831-16820 17834-16823 17824-16823 Important 17831-16820 Important 17834-16823 Important 17824-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17831-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17834-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17834-16823 No Security Update 5.15.135.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17834-16823 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-07-07T00:00:00 <p>Information published.</p> 1.1 2023-10-23T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> CUPS vulnerable to use-after-free in cupsdAcceptClient() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-34241 Use After Free 18159-16823 17722-17084 19950-17086 20071-17084 18159-16823 17722-17084 19950-17086 20071-17084 Important 18159-16823 Important 17722-17084 Moderate 19950-17086 Important 20071-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18159-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17722-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19950-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20071-17084 CBL-Mariner Releases 18159-16823 19950-17086 No Security Update 2.3.3op2-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18159-16823 19950-17086 CBL-Mariner Releases CBL-Mariner Releases 17722-17084 20071-17084 No Security Update 2.4.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17722-17084 20071-17084 CBL-Mariner Releases 2.2 2026-02-18T01:54:33 <p>Information published.</p> 1.0 2024-04-01T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-34411 Improper Restriction of XML External Entity Reference 17848-16820 18815-17084 18469-17084 17848-16820 18815-17084 18469-17084 Important 17848-16820 Important 18815-17084 Important 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17848-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18815-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18469-17084 CBL-Mariner Releases 17848-16820 No Security Update 60.9.0-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17848-16820 CBL-Mariner Releases CBL-Mariner Releases 18815-17084 No Security Update 2024.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18815-17084 CBL-Mariner Releases 1.2 2026-02-18T01:51:41 <p>Information published.</p> 1.0 2023-06-13T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus this is a denial-of-service vulnerability. The fixed versions are 1.12.28 1.14.8 and 1.15.6. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-34969 18352-16823 18352-16823 Moderate 18352-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18352-16823 CBL-Mariner Releases 18352-16823 No Security Update 1.15.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18352-16823 CBL-Mariner Releases 1.0 2023-06-21T00:00:00 <p>Information published.</p> An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-35788 Out-of-bounds Write 17831-16820 17841-16823 17831-16820 17841-16823 Important 17831-16820 Important 17841-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17831-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17841-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17841-16823 No Security Update 5.15.116.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17841-16823 CBL-Mariner Releases 1.0 2023-06-24T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-35823 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17831-16820 17830-16823 17831-16820 17830-16823 Important 17831-16820 Important 17830-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17831-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17830-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases 1.0 2023-06-27T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-35824 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17831-16820 17830-16823 17831-16820 17830-16823 Important 17831-16820 Important 17830-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17831-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17830-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases 1.0 2023-06-27T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-35827 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 16838-16823 16838-16823 Important 16838-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 16838-16823 CBL-Mariner Releases 16838-16823 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 CBL-Mariner Releases 1.0 2023-06-27T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-35828 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17823-16820 17824-16823 17823-16820 17824-16823 Important 17823-16820 Important 17824-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17823-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-06-27T00:00:00 <p>Information published.</p> 1.1 2023-06-28T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-35829 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17831-16820 17830-16823 17831-16820 17830-16823 Important 17831-16820 Important 17830-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17831-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17830-16823 CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases 1.0 2023-06-27T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-36617 Inefficient Regular Expression Complexity 18349-16823 18349-16823 Moderate 18349-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18349-16823 CBL-Mariner Releases 18349-16823 No Security Update 3.1.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18349-16823 CBL-Mariner Releases 1.0 2023-07-04T00:00:00 <p>Information published.</p> Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-29405 Improper Neutralization of Special Elements in Output Used by a Downstream Component (&#39;Injection&#39;) 19778-17086 19785-17086 19668-17086 19693-17084 19697-17084 17375-16823 18140-16823 18138-16823 18141-17084 17667-17084 19712-17086 19778-17086 19785-17086 19668-17086 19693-17084 19697-17084 17375-16823 18140-16823 18138-16823 18141-17084 17667-17084 19712-17086 Critical 19778-17086 Critical 19785-17086 Critical 19668-17086 Critical 19693-17084 Critical 19697-17084 Critical 17375-16823 Critical 18140-16823 Critical 18138-16823 Critical 18141-17084 Critical 17667-17084 Critical 19712-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19778-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19785-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19668-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19693-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19697-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17375-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18140-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18138-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18141-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17667-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19712-17086 CBL-Mariner Releases 19778-17086 19785-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18140-16823 18138-16823 18141-17084 No Security Update 1.20.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18140-16823 18138-16823 18141-17084 CBL-Mariner Releases 1.1 2026-02-18T03:11:39 <p>Information published.</p> 1.0 2025-09-04T05:08:03 <p>Information published.</p> Unsafe behavior in setuid/setgid binaries in runtime <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-29403 Exposure of Resource to Wrong Sphere 19785-17086 19778-17086 17667-17084 19712-17086 19697-17084 17375-16823 18140-16823 18138-16823 18141-17084 19668-17086 19693-17084 19785-17086 19778-17086 17667-17084 19712-17086 19697-17084 17375-16823 18140-16823 18138-16823 18141-17084 19668-17086 19693-17084 Important 19785-17086 Important 19778-17086 Important 17667-17084 Important 19712-17086 Important 19697-17084 Important 17375-16823 Important 18140-16823 Important 18138-16823 Important 18141-17084 Important 19668-17086 Important 19693-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19785-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19778-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17667-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19712-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19697-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17375-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18140-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18138-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18141-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19668-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19693-17084 CBL-Mariner Releases 19785-17086 19778-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19785-17086 19778-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18140-16823 18138-16823 18141-17084 No Security Update 1.20.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18140-16823 18138-16823 18141-17084 CBL-Mariner Releases 1.0 2025-09-04T05:23:28 <p>Information published.</p> 1.1 2026-02-18T03:12:10 <p>Information published.</p> Use-after-free in Linux kernel's netfilter subsystem <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-3390 Use After Free 17824-16823 17824-16823 Important 17824-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:32 <p>Information published.</p> An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-34410 Improper Certificate Validation 17384-16823 17384-16823 Moderate 17384-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17384-16823 CBL-Mariner Releases 17384-16823 No Security Update 5.12.11-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17384-16823 CBL-Mariner Releases 1.0 2025-03-19T00:00:00 <p>Information published.</p> An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-32212 18469-17084 18469-17084 18469-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 18469-17084 1.0 2025-09-03T21:57:40 <p>Information published.</p> If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-29544 Uncontrolled Resource Consumption 18469-17084 18469-17084 18469-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18469-17084 1.0 2025-09-03T22:02:48 <p>Information published.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker who is on the same intranet as the Exchange server can achieve remote code execution via a PowerShell remoting session.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-28310 Deserialization of Untrusted Data 12039 12038 12191 Remote Code Execution 12039 Remote Code Execution 12038 Remote Code Execution 12191 Important 12039 Important 12038 Important 12191 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12191 5025903 https://www.microsoft.com/download/details.aspx?familyid=b4a55fc9-bb0d-41b9-bc88-de8cd02314e6 5024296 12039 Yes Security Update 15.01.2507.027 https://support.microsoft.com/help/5025903 12039 5025903 5026261 https://www.microsoft.com/download/details.aspx?familyid=a5bece57-d7f9-4c91-b737-8d5bf89e3f1e 5024296 12038 Yes Security Update 15.02.1118.030 https://support.microsoft.com/help/5026261 12038 5026261 5026261 https://www.microsoft.com/download/details.aspx?familyid=06b1401a-746b-4130-a0be-b597c4204995 5024296 12191 Yes Security Update 15.02.1258.016 https://support.microsoft.com/help/5026261 12191 5026261 Anonymous, m4yfly with TianGong Team of Legendsec at Qi&#39;anxin Group, Anonymous 1.0 2023-06-13T07:00:00 <p>Information published.</p> GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio GitHub Yes CVE-2023-29012 Relative Path Traversal 11600 12051 11935 11969 12129 12187 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 12129 Remote Code Execution 12187 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 12187 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.55 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.27 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes <a href="https://github.com/ycdxsb">ycdxsb</a> with <a href="http://www.iie.ac.cn/">VARAS@IIE</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio GitHub Yes CVE-2023-29011 Relative Path Traversal 11600 12051 11935 11969 12129 12187 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 12129 Remote Code Execution 12187 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 12187 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.55 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.27 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes <a href="https://github.com/ycdxsb">ycdxsb</a> with <a href="http://www.iie.ac.cn/">VARAS@IIE</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio GitHub Yes CVE-2023-25815 11600 12051 11935 11969 12129 12187 Spoofing 11600 Spoofing 12051 Spoofing 11935 Spoofing 11969 Spoofing 12129 Spoofing 12187 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 12187 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.55 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.27 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Anonymous 1.0 2023-06-13T07:00:00 <p>Information published.</p> GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio GitHub Yes CVE-2023-25652 11600 12051 11935 11969 12129 12187 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 12129 Remote Code Execution 12187 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 12187 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.55 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.27 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Anonymous 1.0 2023-06-13T07:00:00 <p>Information published.</p> GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit` <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio GitHub Yes CVE-2023-29007 Improper Neutralization of Special Elements used in a Command ('Command Injection') 11600 12051 11935 11969 12129 12187 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 12129 Remote Code Execution 12187 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 12187 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.55 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.27 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Anonymous 1.0 2023-06-13T07:00:00 <p>Information published.</p> Dynamics 365 Finance Spoofing Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Dynamics Microsoft Yes CVE-2023-24896 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11786 Spoofing 11786 Important 11786 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11786 Release Notes https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/migration-upgrade/download-hotfix-lcs 11786 Maybe Security Update 10.0.32 https://learn.microsoft.com/en-us/dynamics365/finance/get-started/whats-new-changed-10-0-32 11786 Release Notes <a href="https://www.facebook.com/khalidamin51/">Khalid Amin</a> with <a href="https://cyshield.com/">Cyshield</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> 2.0 2023-07-11T07:00:00 <p>In the Security Updates table, added Download and Article links for Dynamics 365 Finance/Operations. Customers running Dynamics 365 Finance and Operations should install the updates to be protected from this vulnerability.</p> Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>Integrity is impacted as XSS allows an attacker to add their malicious script to fetch victim's sensitive info or to change DOM execution.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the permissions dialog feature prompt presented to users when initiating a download.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-29345 11655 Security Feature Bypass 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes lxhom Ahmed ElMasry 1.0 2023-06-02T07:00:00 <p>Information published.</p> 1.1 2023-09-26T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Sysinternals Process Monitor for Windows Denial of Service Vulnerability <p><strong>How do I get the update for a Windows App?</strong></p> <p>The Microsoft Store will automatically update affected customers.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>.</p> <p>Note that Process Monitor is only available as part of an MSIX package called Sysinternals Suite.</p> SysInternals Microsoft Yes CVE-2023-29353 Improper Input Validation 12190 12205 Denial of Service 12190 Denial of Service 12205 Low 12190 Low 12205 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12190 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12205 Release Notes https://download.sysinternals.com/files/ProcessMonitor.zip 12190 Maybe Security Update 3.94 https://learn.microsoft.com/en-us/sysinternals/downloads/procmon 12190 Release Notes Release Notes https://apps.microsoft.com/store/detail/sysinternals-suite/9P7KNL5RWT25 12205 Maybe Security Update 2023.6 https://apps.microsoft.com/store/detail/sysinternals-suite/9P7KNL5RWT25 12205 Release Notes <a href="https://twitter.com/akilgundogan">M. Akil G&#252;ndoğan</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> .NET and Visual Studio Microsoft Yes CVE-2023-24897 Heap-based Buffer Overflow 11600 12051 11935 11969 12129 10566 10577 12130 12009 12187 11970 11676-11923 11650-10049 11650-10483 11676-11924 11676-11568 11650-10051 11650-10852 11650-10378 11650-10816 11676-11572 11676-11926 11676-11929 11676-11927 11676-12097 11676-11930 11676-12099 11676-11931 11677-11568 11676-12098 11677-11569 11677-11570 11677-11571 11677-11572 11676-11571 11723-10816 11723-10853 11723-10855 11723-10852 11650-10855 11650-10853 11863-10051 11863-10049 11863-10378 11863-10379 11863-10483 11863-10543 12079-11923 12079-11924 12079-11926 12079-11929 12079-11930 12079-11927 12079-11931 12079-12086 12079-12097 12079-12099 12079-12085 12079-12098 11650-10543 12115-10287 12115-9312 12115-9318 12115-9344 12128-10729 12128-10735 11650-10379 11676-11569 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 12129 Remote Code Execution 10566 Remote Code Execution 10577 Remote Code Execution 12130 Remote Code Execution 12009 Remote Code Execution 12187 Remote Code Execution 11970 Remote Code Execution 11676-11923 Remote Code Execution 11650-10049 Remote Code Execution 11650-10483 Remote Code Execution 11676-11924 Remote Code Execution 11676-11568 Remote Code Execution 11650-10051 Remote Code Execution 11650-10852 Remote Code Execution 11650-10378 Remote Code Execution 11650-10816 Remote Code Execution 11676-11572 Remote Code Execution 11676-11926 Remote Code Execution 11676-11929 Remote Code Execution 11676-11927 Remote Code Execution 11676-12097 Remote Code Execution 11676-11930 Remote Code Execution 11676-12099 Remote Code Execution 11676-11931 Remote Code Execution 11677-11568 Remote Code Execution 11676-12098 Remote Code Execution 11677-11569 Remote Code Execution 11677-11570 Remote Code Execution 11677-11571 Remote Code Execution 11677-11572 Remote Code Execution 11676-11571 Remote Code Execution 11723-10816 Remote Code Execution 11723-10853 Remote Code Execution 11723-10855 Remote Code Execution 11723-10852 Remote Code Execution 11650-10855 Remote Code Execution 11650-10853 Remote Code Execution 11863-10051 Remote Code Execution 11863-10049 Remote Code Execution 11863-10378 Remote Code Execution 11863-10379 Remote Code Execution 11863-10483 Remote Code Execution 11863-10543 Remote Code Execution 12079-11923 Remote Code Execution 12079-11924 Remote Code Execution 12079-11926 Remote Code Execution 12079-11929 Remote Code Execution 12079-11930 Remote Code Execution 12079-11927 Remote Code Execution 12079-11931 Remote Code Execution 12079-12086 Remote Code Execution 12079-12097 Remote Code Execution 12079-12099 Remote Code Execution 12079-12085 Remote Code Execution 12079-12098 Remote Code Execution 11650-10543 Remote Code Execution 12115-10287 Remote Code Execution 12115-9312 Remote Code Execution 12115-9318 Remote Code Execution 12115-9344 Remote Code Execution 12128-10729 Remote Code Execution 12128-10735 Remote Code Execution 11650-10379 Remote Code Execution 11676-11569 Critical 11600 Critical 12051 Critical 11935 Critical 11969 Critical 12129 Critical 10566 Critical 10577 Critical 12130 Critical 12009 Critical 12187 Critical 11970 Critical 11676-11923 Critical 11650-10049 Critical 11650-10483 Critical 11676-11924 Critical 11676-11568 Critical 11650-10051 Critical 11650-10852 Critical 11650-10378 Critical 11650-10816 Critical 11676-11572 Critical 11676-11926 Critical 11676-11929 Critical 11676-11927 Critical 11676-12097 Critical 11676-11930 Critical 11676-12099 Critical 11676-11931 Critical 11677-11568 Critical 11676-12098 Critical 11677-11569 Critical 11677-11570 Critical 11677-11571 Critical 11677-11572 Critical 11676-11571 Critical 11723-10816 Critical 11723-10853 Critical 11723-10855 Critical 11723-10852 Critical 11650-10855 Critical 11650-10853 Critical 11863-10051 Critical 11863-10049 Critical 11863-10378 Critical 11863-10379 Critical 11863-10483 Critical 11863-10543 Critical 12079-11923 Critical 12079-11924 Critical 12079-11926 Critical 12079-11929 Critical 12079-11930 Critical 12079-11927 Critical 12079-11931 Critical 12079-12086 Critical 12079-12097 Critical 12079-12099 Critical 12079-12085 Critical 12079-12098 Critical 11650-10543 Critical 12115-10287 Critical 12115-9312 Critical 12115-9318 Critical 12115-9344 Critical 12128-10729 Critical 12128-10735 Critical 11650-10379 Critical 11676-11569 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11969 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10566 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10577 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12130 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12009 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11970 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.55 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.27 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes 5026610 https://aka.ms/vs/12/release/5026610 10566 Maybe Security Update 12.0.40700.0 https://support.microsoft.com/help/5026610 10566 5026610 5025792 https://aka.ms/vs/14/release/5025792 10577 Maybe Security Update 14.0.27555.0 https://support.microsoft.com/help/5025792 10577 5025792 5027798 https://dotnet.microsoft.com/download/dotnet/7.0 12130 Maybe Security Update 7.0.7 https://support.microsoft.com/help/5027798 12130 5027798 5027797 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.18 https://support.microsoft.com/help/5027797 12009 5027797 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/40 11970 Maybe Security Update 7.2.12 https://github.com/PowerShell/Announcements/issues/40 11970 Release Notes 5027544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027127 5022735, 5022726 11676-11923 11676-11924 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027544 11676-11923 11676-11924 5027544 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027129 5022731 11650-10049 11650-10051 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027540 11650-10049 11650-10051 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027110 11650-10049 11650-10051 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027531 11650-10049 11650-10051 5027531 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027128 5022733 11650-10483 11650-10543 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027542 11650-10483 11650-10543 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027109 11650-10483 11650-10543 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027533 11650-10483 11650-10543 5027533 5027536 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027124 5022782 11676-11568 11676-11572 11677-11569 11676-11571 11676-11569 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027536 11676-11568 11676-11572 11677-11569 11676-11571 11676-11569 5027536 5027123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027123 5022503 11650-10852 11650-10816 11650-10855 11650-10853 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027123 11650-10852 11650-10816 11650-10855 11650-10853 5027123 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027126 5022732 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027541 11650-10378 11650-10379 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027108 11650-10378 11650-10379 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027532 11650-10378 11650-10379 5027532 5027539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027125 5026959, 5022730 11676-11926 11676-11927 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027539 11676-11926 11676-11927 5027539 5027537 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027122 5022728, 5026958, 5022729 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027537 11676-11929 11676-11930 11676-11931 5027537 5027538 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027122 5022728, 5026958, 5022729 11676-12097 11676-12099 11676-12098 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027538 11676-12097 11676-12099 11676-12098 5027538 5027536 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027131 5022782 11677-11568 11677-11570 11677-11571 11677-11572 Maybe Security Update 4.7.4050.0 https://support.microsoft.com/help/5027536 11677-11568 11677-11570 11677-11571 11677-11572 5027536 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 11723-10816 11723-10853 11723-10855 11723-10852 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 11723-10816 11723-10853 11723-10855 11723-10852 5027219 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027134 5022731 11863-10051 11863-10049 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027540 11863-10051 11863-10049 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027113 11863-10051 11863-10049 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027531 11863-10051 11863-10049 5027531 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027132 5022732 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027541 11863-10378 11863-10379 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027111 11863-10378 11863-10379 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027532 11863-10378 11863-10379 5027532 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027133 5022733 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027542 11863-10483 11863-10543 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027112 11863-10483 11863-10543 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027533 11863-10483 11863-10543 5027533 5027544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027121 5022735 12079-11923 12079-11924 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027544 12079-11923 12079-11924 5027544 5027539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027118 5026959, 5022730 12079-11926 12079-11927 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027539 12079-11926 12079-11927 5027539 5027537 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027117 5022728, 5026958, 5022729 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027537 12079-11929 12079-11930 12079-11931 5027537 5027119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027119 5026515, 5022497 12079-12086 12079-12085 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027119 12079-12086 12079-12085 5027119 5027538 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027117 5022728, 5026958, 5022729 12079-12097 12079-12099 12079-12098 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027538 12079-12097 12079-12099 12079-12098 5027538 5027543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027134 5022731, 5022734 12115-10287 12115-9312 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027543 12115-10287 12115-9312 12115-9318 12115-9344 5027543 5027534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027113 12115-10287 12115-9312 12115-9318 12115-9344 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027534 12115-10287 12115-9312 12115-9318 12115-9344 5027534 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 12128-10729 12128-10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 12128-10729 12128-10735 5027230 goodbyeselene HAO LI of VenusTech ADLab goodbyeselene 1.0 2023-06-13T07:00:00 <p>Information published.</p> 2.0 2023-06-29T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/40">https://github.com/PowerShell/Announcements/issues/40</a> for more information.</p> .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> .NET and Visual Studio Microsoft Yes CVE-2023-24895 12130 11969 12051 12129 12187 11970 12131 11650-10379 11650-10816 11650-10852 11676-11568 11650-10049 11676-11571 11676-11924 11676-11572 11650-10051 11676-11569 11650-10543 11650-10378 11650-10853 11676-11923 11650-10855 11650-10483 11676-11926 11676-11927 11676-11929 11676-11930 11676-11931 11676-12097 11676-12099 11676-12098 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 11723-10852 11723-10853 11723-10816 11723-10855 11863-10051 11863-10049 11863-10378 11863-10543 11863-10379 11863-10483 12079-11923 12079-11924 12079-11926 12079-11927 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 12115-10287 12115-9312 12115-9344 12115-9318 12128-10729 12128-10735 9292-9312 9292-9318 9195-9312 9195-9318 2472-10378 2472-10379 2472-10483 2472-10543 9495-10051 9495-10049 Remote Code Execution 12130 Remote Code Execution 11969 Remote Code Execution 12051 Remote Code Execution 12129 Remote Code Execution 12187 Remote Code Execution 11970 Remote Code Execution 12131 Remote Code Execution 11650-10379 Remote Code Execution 11650-10816 Remote Code Execution 11650-10852 Remote Code Execution 11676-11568 Remote Code Execution 11650-10049 Remote Code Execution 11676-11571 Remote Code Execution 11676-11924 Remote Code Execution 11676-11572 Remote Code Execution 11650-10051 Remote Code Execution 11676-11569 Remote Code Execution 11650-10543 Remote Code Execution 11650-10378 Remote Code Execution 11650-10853 Remote Code Execution 11676-11923 Remote Code Execution 11650-10855 Remote Code Execution 11650-10483 Remote Code Execution 11676-11926 Remote Code Execution 11676-11927 Remote Code Execution 11676-11929 Remote Code Execution 11676-11930 Remote Code Execution 11676-11931 Remote Code Execution 11676-12097 Remote Code Execution 11676-12099 Remote Code Execution 11676-12098 Remote Code Execution 11677-11568 Remote Code Execution 11677-11569 Remote Code Execution 11677-11570 Remote Code Execution 11677-11571 Remote Code Execution 11677-11572 Remote Code Execution 11723-10852 Remote Code Execution 11723-10853 Remote Code Execution 11723-10816 Remote Code Execution 11723-10855 Remote Code Execution 11863-10051 Remote Code Execution 11863-10049 Remote Code Execution 11863-10378 Remote Code Execution 11863-10543 Remote Code Execution 11863-10379 Remote Code Execution 11863-10483 Remote Code Execution 12079-11923 Remote Code Execution 12079-11924 Remote Code Execution 12079-11926 Remote Code Execution 12079-11927 Remote Code Execution 12079-11929 Remote Code Execution 12079-11930 Remote Code Execution 12079-11931 Remote Code Execution 12079-12085 Remote Code Execution 12079-12086 Remote Code Execution 12079-12097 Remote Code Execution 12079-12098 Remote Code Execution 12079-12099 Remote Code Execution 12115-10287 Remote Code Execution 12115-9312 Remote Code Execution 12115-9344 Remote Code Execution 12115-9318 Remote Code Execution 12128-10729 Remote Code Execution 12128-10735 Remote Code Execution 9292-9312 Remote Code Execution 9292-9318 Remote Code Execution 9195-9312 Remote Code Execution 9195-9318 Remote Code Execution 2472-10378 Remote Code Execution 2472-10379 Remote Code Execution 2472-10483 Remote Code Execution 2472-10543 Remote Code Execution 9495-10051 Remote Code Execution 9495-10049 Important 12130 Important 11969 Important 12051 Important 12129 Important 12187 Important 11970 Important 12131 Important 11650-10379 Important 11650-10816 Important 11650-10852 Important 11676-11568 Important 11650-10049 Important 11676-11571 Important 11676-11924 Important 11676-11572 Important 11650-10051 Important 11676-11569 Important 11650-10543 Important 11650-10378 Important 11650-10853 Important 11676-11923 Important 11650-10855 Important 11650-10483 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-11930 Important 11676-11931 Important 11676-12097 Important 11676-12099 Important 11676-12098 Important 11677-11568 Important 11677-11569 Important 11677-11570 Important 11677-11571 Important 11677-11572 Important 11723-10852 Important 11723-10853 Important 11723-10816 Important 11723-10855 Important 11863-10051 Important 11863-10049 Important 11863-10378 Important 11863-10543 Important 11863-10379 Important 11863-10483 Important 12079-11923 Important 12079-11924 Important 12079-11926 Important 12079-11927 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12115-10287 Important 12115-9312 Important 12115-9344 Important 12115-9318 Important 12128-10729 Important 12128-10735 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10051 Important 9495-10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12130 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11969 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11970 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12131 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10049 5027798 https://dotnet.microsoft.com/download/dotnet/7.0 12130 Maybe Security Update 7.0.7 https://support.microsoft.com/help/5027798 12130 5027798 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/41 11970 Maybe Security Update 7.2.12 https://github.com/PowerShell/Announcements/issues/41 11970 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/41 12131 Maybe Security Update 7.3.5 https://github.com/PowerShell/Announcements/issues/41 12131 Release Notes 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027126 5022732 11650-10379 11650-10378 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027541 11650-10379 11650-10378 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027108 11650-10379 11650-10378 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027532 11650-10379 11650-10378 5027532 5027123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027123 5022503 11650-10816 11650-10852 11650-10853 11650-10855 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027123 11650-10816 11650-10852 11650-10853 11650-10855 5027123 5027536 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027124 5022782 11676-11568 11676-11571 11676-11572 11676-11569 11677-11569 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027536 11676-11568 11676-11571 11676-11572 11676-11569 11677-11569 5027536 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027129 5022731 11650-10049 11650-10051 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027540 11650-10049 11650-10051 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027110 11650-10049 11650-10051 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027531 11650-10049 11650-10051 5027531 5027544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027127 5022735, 5022726 11676-11924 11676-11923 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027544 11676-11924 11676-11923 5027544 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027128 5022733 11650-10543 11650-10483 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027542 11650-10543 11650-10483 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027109 11650-10543 11650-10483 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027533 11650-10543 11650-10483 5027533 5027539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027125 5026959, 5022730 11676-11926 11676-11927 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027539 11676-11926 11676-11927 5027539 5027537 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027122 5022728, 5026958, 5022729 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027537 11676-11929 11676-11930 11676-11931 5027537 5027538 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027122 5022728, 5026958, 5022729 11676-12097 11676-12099 11676-12098 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027538 11676-12097 11676-12099 11676-12098 5027538 5027536 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027131 5022782 11677-11568 11677-11570 11677-11571 11677-11572 Maybe Security Update 4.7.4050.0 https://support.microsoft.com/help/5027536 11677-11568 11677-11570 11677-11571 11677-11572 5027536 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 11723-10852 11723-10853 11723-10816 11723-10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 11723-10852 11723-10853 11723-10816 11723-10855 5027219 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027134 5022731 11863-10051 11863-10049 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027540 11863-10051 11863-10049 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027113 11863-10051 11863-10049 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027531 11863-10051 11863-10049 5027531 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027132 5022732 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027541 11863-10378 11863-10379 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027111 11863-10378 11863-10379 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027532 11863-10378 11863-10379 5027532 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027133 5022733 11863-10543 11863-10483 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027542 11863-10543 11863-10483 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027112 11863-10543 11863-10483 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027533 11863-10543 11863-10483 5027533 5027544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027121 5022735 12079-11923 12079-11924 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027544 12079-11923 12079-11924 5027544 5027539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027118 5026959, 5022730 12079-11926 12079-11927 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027539 12079-11926 12079-11927 5027539 5027537 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027117 5022728, 5026958, 5022729 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027537 12079-11929 12079-11930 12079-11931 5027537 5027119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027119 5026515, 5022497 12079-12085 12079-12086 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027119 12079-12085 12079-12086 5027119 5027538 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027117 5022728, 5026958, 5022729 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027538 12079-12097 12079-12098 12079-12099 5027538 5027543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027134 5022731, 5022734 12115-10287 12115-9312 12115-9344 12115-9318 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027543 12115-10287 12115-9312 12115-9344 12115-9318 5027543 5027534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027113 12115-10287 12115-9312 12115-9344 12115-9318 9292-9318 9195-9318 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027534 12115-10287 12115-9312 12115-9344 12115-9318 9292-9318 9195-9318 5027534 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 12128-10729 12128-10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 12128-10729 12128-10735 5027230 5027543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027139 5022734 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027543 9292-9312 9292-9318 9195-9312 9195-9318 5027543 5027534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027114 9292-9312 9195-9312 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027534 9292-9312 9195-9312 5027534 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027138 5022732 2472-10378 2472-10379 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027541 2472-10378 2472-10379 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027107 2472-10378 2472-10379 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027532 2472-10378 2472-10379 5027532 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027141 5022733 2472-10483 2472-10543 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027542 2472-10483 2472-10543 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027116 2472-10483 2472-10543 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027533 2472-10483 2472-10543 5027533 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027140 5022731 9495-10051 9495-10049 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027540 9495-10051 9495-10049 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027115 9495-10051 9495-10049 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027531 9495-10051 9495-10049 5027531 1.0 2023-06-13T07:00:00 <p>Information published.</p> 2.0 2023-06-29T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 and PowerShell 7.3 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/41">https://github.com/PowerShell/Announcements/issues/41</a> for more information.</p> .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into opening a malicious XML file.</p> .NET and Visual Studio Microsoft Yes CVE-2023-24936 12051 11969 12129 12009 12130 12187 11970 12131 11650-10855 11650-10543 11676-11568 11650-10852 11650-10853 11650-10379 11650-10049 11650-10378 11676-11569 11650-10051 11650-10483 11650-10816 11676-11924 11676-11923 11676-11571 11676-11570 11676-11572 11676-11926 11676-12099 11676-11929 11676-12097 11676-11930 11676-11931 11676-12098 11676-11927 11677-11568 11677-11571 11677-11570 11677-11569 11677-11572 11723-10816 11723-10855 11723-10852 11723-10853 11863-10483 11863-10378 11863-10051 11863-10049 11863-10379 11863-10543 12079-11924 12079-11923 12079-11929 12079-11927 12079-11926 12079-12099 12115-10287 12079-12085 12079-11930 12115-9318 12079-11931 12079-12097 12079-12086 12115-9344 12115-9312 12079-12098 12128-10729 12128-10735 9292-9312 9195-9318 9292-9318 9195-9312 9495-10051 2472-10379 2472-10378 2472-10543 2472-10483 9495-10049 Elevation of Privilege 12051 Elevation of Privilege 11969 Elevation of Privilege 12129 Elevation of Privilege 12009 Elevation of Privilege 12130 Elevation of Privilege 12187 Elevation of Privilege 11970 Elevation of Privilege 12131 Elevation of Privilege 11650-10855 Elevation of Privilege 11650-10543 Elevation of Privilege 11676-11568 Elevation of Privilege 11650-10852 Elevation of Privilege 11650-10853 Elevation of Privilege 11650-10379 Elevation of Privilege 11650-10049 Elevation of Privilege 11650-10378 Elevation of Privilege 11676-11569 Elevation of Privilege 11650-10051 Elevation of Privilege 11650-10483 Elevation of Privilege 11650-10816 Elevation of Privilege 11676-11924 Elevation of Privilege 11676-11923 Elevation of Privilege 11676-11571 Elevation of Privilege 11676-11570 Elevation of Privilege 11676-11572 Elevation of Privilege 11676-11926 Elevation of Privilege 11676-12099 Elevation of Privilege 11676-11929 Elevation of Privilege 11676-12097 Elevation of Privilege 11676-11930 Elevation of Privilege 11676-11931 Elevation of Privilege 11676-12098 Elevation of Privilege 11676-11927 Elevation of Privilege 11677-11568 Elevation of Privilege 11677-11571 Elevation of Privilege 11677-11570 Elevation of Privilege 11677-11569 Elevation of Privilege 11677-11572 Elevation of Privilege 11723-10816 Elevation of Privilege 11723-10855 Elevation of Privilege 11723-10852 Elevation of Privilege 11723-10853 Elevation of Privilege 11863-10483 Elevation of Privilege 11863-10378 Elevation of Privilege 11863-10051 Elevation of Privilege 11863-10049 Elevation of Privilege 11863-10379 Elevation of Privilege 11863-10543 Elevation of Privilege 12079-11924 Elevation of Privilege 12079-11923 Elevation of Privilege 12079-11929 Elevation of Privilege 12079-11927 Elevation of Privilege 12079-11926 Elevation of Privilege 12079-12099 Elevation of Privilege 12115-10287 Elevation of Privilege 12079-12085 Elevation of Privilege 12079-11930 Elevation of Privilege 12115-9318 Elevation of Privilege 12079-11931 Elevation of Privilege 12079-12097 Elevation of Privilege 12079-12086 Elevation of Privilege 12115-9344 Elevation of Privilege 12115-9312 Elevation of Privilege 12079-12098 Elevation of Privilege 12128-10729 Elevation of Privilege 12128-10735 Elevation of Privilege 9292-9312 Elevation of Privilege 9195-9318 Elevation of Privilege 9292-9318 Elevation of Privilege 9195-9312 Elevation of Privilege 9495-10051 Elevation of Privilege 2472-10379 Elevation of Privilege 2472-10378 Elevation of Privilege 2472-10543 Elevation of Privilege 2472-10483 Elevation of Privilege 9495-10049 Moderate 12051 Moderate 11969 Moderate 12129 Moderate 12009 Moderate 12130 Moderate 12187 Moderate 11970 Moderate 12131 Moderate 11650-10855 Moderate 11650-10543 Moderate 11676-11568 Moderate 11650-10852 Moderate 11650-10853 Moderate 11650-10379 Moderate 11650-10049 Moderate 11650-10378 Moderate 11676-11569 Moderate 11650-10051 Moderate 11650-10483 Moderate 11650-10816 Moderate 11676-11924 Moderate 11676-11923 Moderate 11676-11571 Moderate 11676-11570 Moderate 11676-11572 Moderate 11676-11926 Moderate 11676-12099 Moderate 11676-11929 Moderate 11676-12097 Moderate 11676-11930 Moderate 11676-11931 Moderate 11676-12098 Moderate 11676-11927 Moderate 11677-11568 Moderate 11677-11571 Moderate 11677-11570 Moderate 11677-11569 Moderate 11677-11572 Moderate 11723-10816 Moderate 11723-10855 Moderate 11723-10852 Moderate 11723-10853 Moderate 11863-10483 Moderate 11863-10378 Moderate 11863-10051 Moderate 11863-10049 Moderate 11863-10379 Moderate 11863-10543 Moderate 12079-11924 Moderate 12079-11923 Moderate 12079-11929 Moderate 12079-11927 Moderate 12079-11926 Moderate 12079-12099 Moderate 12115-10287 Moderate 12079-12085 Moderate 12079-11930 Moderate 12115-9318 Moderate 12079-11931 Moderate 12079-12097 Moderate 12079-12086 Moderate 12115-9344 Moderate 12115-9312 Moderate 12079-12098 Moderate 12128-10729 Moderate 12128-10735 Moderate 9292-9312 Moderate 9195-9318 Moderate 9292-9318 Moderate 9195-9312 Moderate 9495-10051 Moderate 2472-10379 Moderate 2472-10378 Moderate 2472-10543 Moderate 2472-10483 Moderate 9495-10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11969 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12009 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12130 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11970 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12131 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10543 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10543 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10543 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10049 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes 5027797 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.18 https://support.microsoft.com/help/5027797 12009 5027797 5027798 https://dotnet.microsoft.com/download/dotnet/7.0 12130 Maybe Security Update 7.0.7 https://support.microsoft.com/help/5027798 12130 5027798 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/42 11970 Maybe Security Update 7.2.12 https://github.com/PowerShell/Announcements/issues/42 11970 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/42 12131 Maybe Security Update 7.3.5 https://github.com/PowerShell/Announcements/issues/42 12131 Release Notes 5027123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027123 5022503 11650-10855 11650-10852 11650-10853 11650-10816 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027123 11650-10855 11650-10852 11650-10853 11650-10816 5027123 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027128 5022733 11650-10543 11650-10483 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027542 11650-10543 11650-10483 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027109 11650-10543 11650-10483 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027533 11650-10543 11650-10483 5027533 5027536 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027124 5022782 11676-11568 11676-11569 11676-11571 11676-11572 11677-11569 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027536 11676-11568 11676-11569 11676-11571 11676-11572 11677-11569 5027536 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027126 5022732 11650-10379 11650-10378 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027541 11650-10379 11650-10378 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027108 11650-10379 11650-10378 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027532 11650-10379 11650-10378 5027532 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027129 5022731 11650-10049 11650-10051 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027540 11650-10049 11650-10051 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027110 11650-10049 11650-10051 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027531 11650-10049 11650-10051 5027531 5027544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027127 5022735, 5022726 11676-11924 11676-11923 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027544 11676-11924 11676-11923 5027544 5027536 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027131 5022782 11676-11570 11677-11568 11677-11571 11677-11570 11677-11572 Maybe Security Update 4.7.4050.0 https://support.microsoft.com/help/5027536 11676-11570 11677-11568 11677-11571 11677-11570 11677-11572 5027536 5027539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027125 5026959, 5022730 11676-11926 11676-11927 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027539 11676-11926 11676-11927 5027539 5027538 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027122 5022728, 5026958, 5022729 11676-12099 11676-12097 11676-12098 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027538 11676-12099 11676-12097 11676-12098 5027538 5027537 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027122 5022728, 5026958, 5022729 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027537 11676-11929 11676-11930 11676-11931 5027537 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 11723-10816 11723-10855 11723-10852 11723-10853 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 11723-10816 11723-10855 11723-10852 11723-10853 5027219 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027133 5022733 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027542 11863-10483 11863-10543 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027112 11863-10483 11863-10543 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027533 11863-10483 11863-10543 5027533 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027132 5022732 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027541 11863-10378 11863-10379 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027111 11863-10378 11863-10379 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027532 11863-10378 11863-10379 5027532 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027134 5022731 11863-10051 11863-10049 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027540 11863-10051 11863-10049 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027113 11863-10051 11863-10049 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027531 11863-10051 11863-10049 5027531 5027544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027121 5022735 12079-11924 12079-11923 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027544 12079-11924 12079-11923 5027544 5027537 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027117 5022728, 5026958, 5022729 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027537 12079-11929 12079-11930 12079-11931 5027537 5027539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027118 5026959, 5022730 12079-11927 12079-11926 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027539 12079-11927 12079-11926 5027539 5027538 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027117 5022728, 5026958, 5022729 12079-12099 12079-12097 12079-12098 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027538 12079-12099 12079-12097 12079-12098 5027538 5027543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027134 5022731, 5022734 12115-10287 12115-9318 12115-9344 12115-9312 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027543 12115-10287 12115-9318 12115-9344 12115-9312 5027543 5027534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027113 12115-10287 12115-9318 12115-9344 12115-9312 9195-9318 9292-9318 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027534 12115-10287 12115-9318 12115-9344 12115-9312 9195-9318 9292-9318 5027534 5027119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027119 5026515, 5022497 12079-12085 12079-12086 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027119 12079-12085 12079-12086 5027119 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 12128-10729 12128-10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 12128-10729 12128-10735 5027230 5027543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027139 5022734 9292-9312 9195-9318 9292-9318 9195-9312 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027543 9292-9312 9195-9318 9292-9318 9195-9312 5027543 5027534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027114 9292-9312 9195-9312 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027534 9292-9312 9195-9312 5027534 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027140 5022731 9495-10051 9495-10049 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027540 9495-10051 9495-10049 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027115 9495-10051 9495-10049 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027531 9495-10051 9495-10049 5027531 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027138 5022732 2472-10379 2472-10378 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027541 2472-10379 2472-10378 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027107 2472-10379 2472-10378 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027532 2472-10379 2472-10378 5027532 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027141 5022733 2472-10543 2472-10483 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027542 2472-10543 2472-10483 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027116 2472-10543 2472-10483 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027533 2472-10543 2472-10483 5027533 H01 and H02 from FPT Software Cybersecurity Assurance Service with https://www.fpt-software.com/ H01 and H02 from FPT Software Cybersecurity Assurance Service with https://www.fpt-software.com/ H01 and H02 from FPT Software Cybersecurity Assurance Service with https://www.fpt-software.com/ 3.2 2023-09-12T07:00:00 <p>Updated links to security updates. This is an informational change only.</p> 1.0 2023-06-13T07:00:00 <p>Information published.</p> 2.0 2023-06-29T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 and PowerShell 7.3 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/42">https://github.com/PowerShell/Announcements/issues/42</a> for more information.</p> 3.0 2023-07-13T07:00:00 <p>In the Security Updates table, added all supported versions of all supported versions of .NET Framework, Visual Studio 2022 version 17.0, Visual Studio 2022 version 17.2, and Visual Studio 2022 version 17.4 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 3.1 2023-08-18T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> .NET Framework Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> .NET Framework Microsoft Yes CVE-2023-29326 11676-11568 11676-11569 11676-11571 11676-11572 11676-11923 11676-11924 11676-11926 11676-11927 11676-11929 11676-11930 11676-11931 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 11723-10852 11723-10853 11723-10816 11723-10855 12079-11923 12079-11924 12079-11926 12079-11927 9292-9312 9292-9318 9195-9312 9195-9318 2472-10378 2472-10379 2472-10483 2472-10543 9495-10051 9495-10049 11676-12097 11676-12098 11676-12099 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 12128-10729 12128-10735 Remote Code Execution 11676-11568 Remote Code Execution 11676-11569 Remote Code Execution 11676-11571 Remote Code Execution 11676-11572 Remote Code Execution 11676-11923 Remote Code Execution 11676-11924 Remote Code Execution 11676-11926 Remote Code Execution 11676-11927 Remote Code Execution 11676-11929 Remote Code Execution 11676-11930 Remote Code Execution 11676-11931 Remote Code Execution 11677-11568 Remote Code Execution 11677-11569 Remote Code Execution 11677-11570 Remote Code Execution 11677-11571 Remote Code Execution 11677-11572 Remote Code Execution 11723-10852 Remote Code Execution 11723-10853 Remote Code Execution 11723-10816 Remote Code Execution 11723-10855 Remote Code Execution 12079-11923 Remote Code Execution 12079-11924 Remote Code Execution 12079-11926 Remote Code Execution 12079-11927 Remote Code Execution 9292-9312 Remote Code Execution 9292-9318 Remote Code Execution 9195-9312 Remote Code Execution 9195-9318 Remote Code Execution 2472-10378 Remote Code Execution 2472-10379 Remote Code Execution 2472-10483 Remote Code Execution 2472-10543 Remote Code Execution 9495-10051 Remote Code Execution 9495-10049 Remote Code Execution 11676-12097 Remote Code Execution 11676-12098 Remote Code Execution 11676-12099 Remote Code Execution 12079-11929 Remote Code Execution 12079-11930 Remote Code Execution 12079-11931 Remote Code Execution 12079-12085 Remote Code Execution 12079-12086 Remote Code Execution 12079-12097 Remote Code Execution 12079-12098 Remote Code Execution 12079-12099 Remote Code Execution 12128-10729 Remote Code Execution 12128-10735 Important 11676-11568 Important 11676-11569 Important 11676-11571 Important 11676-11572 Important 11676-11923 Important 11676-11924 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-11930 Important 11676-11931 Important 11677-11568 Important 11677-11569 Important 11677-11570 Important 11677-11571 Important 11677-11572 Important 11723-10852 Important 11723-10853 Important 11723-10816 Important 11723-10855 Important 12079-11923 Important 12079-11924 Important 12079-11926 Important 12079-11927 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10051 Important 9495-10049 Important 11676-12097 Important 11676-12098 Important 11676-12099 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12128-10729 Important 12128-10735 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10735 5027536 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027124 5022782 11676-11568 11676-11569 11676-11571 11676-11572 11677-11569 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027536 11676-11568 11676-11569 11676-11571 11676-11572 11677-11569 5027536 5027544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027127 5022735, 5022726 11676-11923 11676-11924 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027544 11676-11923 11676-11924 5027544 5027539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027125 5026959, 5022730 11676-11926 11676-11927 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027539 11676-11926 11676-11927 5027539 5027537 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027122 5022728, 5026958, 5022729 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027537 11676-11929 11676-11930 11676-11931 5027537 5027536 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027131 5022782 11677-11568 11677-11570 11677-11571 11677-11572 Maybe Security Update 4.7.4050.0 https://support.microsoft.com/help/5027536 11677-11568 11677-11570 11677-11571 11677-11572 5027536 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 11723-10852 11723-10853 11723-10816 11723-10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 11723-10852 11723-10853 11723-10816 11723-10855 5027219 5027544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027121 5022735 12079-11923 12079-11924 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027544 12079-11923 12079-11924 5027544 5027539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027118 5026959, 5022730 12079-11926 12079-11927 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027539 12079-11926 12079-11927 5027539 5027543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027139 5022734 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027543 9292-9312 9292-9318 9195-9312 9195-9318 5027543 5027534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027114 9292-9312 9195-9312 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027534 9292-9312 9195-9312 5027534 5027534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027113 9292-9318 9195-9318 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027534 9292-9318 9195-9318 5027534 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027138 5022732 2472-10378 2472-10379 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027541 2472-10378 2472-10379 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027107 2472-10378 2472-10379 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027532 2472-10378 2472-10379 5027532 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027141 5022733 2472-10483 2472-10543 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027542 2472-10483 2472-10543 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027116 2472-10483 2472-10543 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027533 2472-10483 2472-10543 5027533 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027140 5022731 9495-10051 9495-10049 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027540 9495-10051 9495-10049 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027115 9495-10051 9495-10049 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027531 9495-10051 9495-10049 5027531 5027538 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027122 5022728, 5026958, 5022729 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027538 11676-12097 11676-12098 11676-12099 5027538 5027537 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027117 5022728, 5026958, 5022729 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027537 12079-11929 12079-11930 12079-11931 5027537 5027119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027119 5026515, 5022497 12079-12085 12079-12086 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027119 12079-12085 12079-12086 5027119 5027538 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027117 5022728, 5026958, 5022729 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027538 12079-12097 12079-12098 12079-12099 5027538 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 12128-10729 12128-10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 12128-10729 12128-10735 5027230 1.0 2023-06-13T07:00:00 <p>Information published.</p> Azure DevOps Server Spoofing Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker would have to send the victim a malicious file that the victim would have to execute.</p> Azure DevOps Microsoft Yes CVE-2023-21569 Improper Control of Generation of Code ('Code Injection') 12143 12149 12189 Spoofing 12143 Spoofing 12149 Spoofing 12189 Important 12143 Moderate 12149 Moderate 12189 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 12143 5.5 4.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 12149 5.5 4.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 12189 Release Notes file://cpvsbuild/drops/mseng/tfs/Dev18/releases_M181.AzureDevOps2020.1.1public/layouts/x86ret/Tfs2018Sgn_20230601.3/enu/devops/Patch 12143 Maybe Security Update 20230601.3 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020u1?view=azure-devops 12143 Release Notes Release Notes file://cpvsbuild/drops/mseng/tfs/Dev19/releases_M205.AzureDevOps2022.RTW/layouts/x86ret/Tfs2018Sgn_20230602.4/enu/devops/Patch 12149 Maybe Security Update 20230602.4 https://learn.microsoft.com/azure/devops/server/release-notes/azuredevops2022?view=azure-devops 12149 Release Notes Release Notes file://cpvsbuild/drops/mseng/tfs/Dev19/releases_M205.AzureDevOps2022.0.1/layouts/x86ret/Tfs2018Sgn_20230602.5/enu/devops/Patch 12189 Maybe Security Update 20230602.5 https://learn.microsoft.com/azure/devops/server/release-notes/azuredevops2022?view=azure-devops 12189 Release Notes <a href="https://www.xing.com/profile/martin_wrona3">Martin Wrona (martin_jw)</a> with <a href="https://www.galaxus.ch/">Digitec Galaxus AG</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Azure DevOps Server Spoofing Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to no loss of availability (A:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker cannot impact the availability of the service.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could access data that is available for the current user. Depending on the user's authorization the attacker could collect detailed data about ADO elements such as org/proj configuration, users, groups, teams, projects, pipelines, board, or wiki. An attacker could also craft page elements to collect user secrets.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>An attacker is able to manipulate DOM model of website adding/removing elements, with crafted script is able to do actions on ADO in current user context without user consent or awareness.</p> Azure DevOps Microsoft Yes CVE-2023-21565 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12149 12143 12189 Spoofing 12149 Spoofing 12143 Spoofing 12189 Important 12149 Important 12143 Important 12189 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12149 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12143 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12189 Release Notes file://cpvsbuild/drops/mseng/tfs/Dev19/releases_M205.AzureDevOps2022.RTW/layouts/x86ret/Tfs2018Sgn_20230602.4/enu/devops/Patch 12149 Maybe Security Update 20230602.4 https://learn.microsoft.com/azure/devops/server/release-notes/azuredevops2022?view=azure-devops 12149 Release Notes Release Notes file://cpvsbuild/drops/mseng/tfs/Dev18/releases_M181.AzureDevOps2020.1.1public/layouts/x86ret/Tfs2018Sgn_20230601.3/enu/devops/Patch 12143 Maybe Security Update 20230601.3 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020u1?view=azure-devops 12143 Release Notes Release Notes file://cpvsbuild/drops/mseng/tfs/Dev19/releases_M205.AzureDevOps2022.0.1/layouts/x86ret/Tfs2018Sgn_20230602.5/enu/devops/Patch 12189 Maybe Security Update 20230602.5 https://learn.microsoft.com/azure/devops/server/release-notes/azuredevops2022?view=azure-devops 12189 Release Notes <a href="https://www.xing.com/profile/martin_wrona3">Martin Wrona (martin_jw)</a> with <a href="https://www.galaxus.ch/">Digitec Galaxus AG</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft Power Apps Spoofing Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>How do I know that I'm protected from this vulnerability?</strong></p> <p>A new PowerApp compiler (version 3.23052.16) has been rolled out world wide.</p> <p>If you have an existing Canvas App you'll need to save and republish your canvas app. Please see <a href="https://learn.microsoft.com/en-us/power-apps/maker/canvas-apps/save-publish-app">Save and publish canvas apps</a> for information on this process. If you create a new Canvas App you will already be protected from this vulnerability.</p> Microsoft Power Apps Microsoft Yes CVE-2023-32024 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12186 Spoofing 12186 Important 12186 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 3.0 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C 12186 Information https://learn.microsoft.com/en-us/power-apps/maker/canvas-apps/save-publish-app 12186 No Security Update 3.23052.16 https://learn.microsoft.com/en-us/power-apps/maker/canvas-apps/save-publish-app 12186 Information Jordan Hopkins 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> Microsoft Office Excel Microsoft Yes CVE-2023-32029 Out-of-bounds Read 11573 11574 11575 11605 11762 11763 11951 11952 11953 10739 10740 10656 10654 10655 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11575 Remote Code Execution 11605 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10656 Remote Code Execution 10654 Remote Code Execution 10655 Important 11573 Important 11574 Important 11575 Important 11605 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 10739 Important 10740 Important 10656 Important 10654 Important 10655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11605 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10656 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10654 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10655 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.74.23061100 https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Release Notes 5002401 https://www.microsoft.com/download/details.aspx?familyid=c4ea9a4f-1c8e-43b5-af8f-ce298bf97f14 5002372 11605 Maybe Security Update 16.0.10399.20000 https://support.microsoft.com/help/5002401 11605 5002401 5002405 https://www.microsoft.com/download/details.aspx?familyid=0204046f-b4a1-47a1-a985-307c34e92ebe 5002386 10739 Maybe Security Update 16.0.5400.1000 https://support.microsoft.com/help/5002405 10739 5002405 5002405 https://www.microsoft.com/download/details.aspx?familyid=832c1bf7-27f6-4845-8ff5-6ff460381ec6 5002386 10740 Maybe Security Update 16.0.5400.1000 https://support.microsoft.com/help/5002405 10740 5002405 5002414 5002384 10656 Maybe Security Update 15.0.5563.1000 https://support.microsoft.com/help/5002414 10656 5002414 5002414 https://www.microsoft.com/download/details.aspx?familyid=1a60905c-9b77-4df7-944a-aeeff2ebc55f 5002384 10654 Maybe Security Update 15.0.5563.1000 https://support.microsoft.com/help/5002414 10654 5002414 5002414 https://www.microsoft.com/download/details.aspx?familyid=4f333af6-b5f9-499d-a4d9-32670c821cee 5002384 10655 Maybe Security Update 15.0.5563.1000 https://support.microsoft.com/help/5002414 10655 5002414 <a href="https://twitter.com/_icewall">Marcin 'Icewall' Noga</a> with <a href="https://talosintelligence.com/vulnerability_reports/">Cisco Talos</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-32031 Deserialization of Untrusted Data 12038 12039 12191 Remote Code Execution 12038 Remote Code Execution 12039 Remote Code Execution 12191 Important 12038 Important 12039 Important 12191 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12191 5026261 https://www.microsoft.com/download/details.aspx?familyid=a5bece57-d7f9-4c91-b737-8d5bf89e3f1e 5024296 12038 Yes Security Update 15.02.1118.030 https://support.microsoft.com/help/5026261 12038 5026261 5025903 https://www.microsoft.com/download/details.aspx?familyid=b4a55fc9-bb0d-41b9-bc88-de8cd02314e6 5024296 12039 Yes Security Update 15.01.2507.027 https://support.microsoft.com/help/5025903 12039 5025903 5026261 https://www.microsoft.com/download/details.aspx?familyid=06b1401a-746b-4130-a0be-b597c4204995 5024296 12191 Yes Security Update 15.02.1258.016 https://support.microsoft.com/help/5026261 12191 5026261 Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> Microsoft Office Excel Microsoft Yes CVE-2023-33137 Double Free 11573 11574 11605 10739 10740 10656 10654 10655 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11605 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10656 Remote Code Execution 10654 Remote Code Execution 10655 Important 11573 Important 11574 Important 11605 Important 10739 Important 10740 Important 10656 Important 10654 Important 10655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11605 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10656 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10654 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10655 Click to Run 11573 11574 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 Click to Run 5002401 https://www.microsoft.com/download/details.aspx?familyid=c4ea9a4f-1c8e-43b5-af8f-ce298bf97f14 5002372 11605 Maybe Security Update 16.0.10399.20000 https://support.microsoft.com/help/5002401 11605 5002401 5002405 https://www.microsoft.com/download/details.aspx?familyid=0204046f-b4a1-47a1-a985-307c34e92ebe 5002386 10739 Maybe Security Update 16.0.5400.1000 https://support.microsoft.com/help/5002405 10739 5002405 5002405 https://www.microsoft.com/download/details.aspx?familyid=832c1bf7-27f6-4845-8ff5-6ff460381ec6 5002386 10740 Maybe Security Update 16.0.5400.1000 https://support.microsoft.com/help/5002405 10740 5002405 5002414 5002384 10656 Maybe Security Update 15.0.5563.1000 https://support.microsoft.com/help/5002414 10656 5002414 5002414 https://www.microsoft.com/download/details.aspx?familyid=1a60905c-9b77-4df7-944a-aeeff2ebc55f 5002384 10654 Maybe Security Update 15.0.5563.1000 https://support.microsoft.com/help/5002414 10654 5002414 5002414 https://www.microsoft.com/download/details.aspx?familyid=4f333af6-b5f9-499d-a4d9-32670c821cee 5002384 10655 Maybe Security Update 15.0.5563.1000 https://support.microsoft.com/help/5002414 10655 5002414 Excel Engineering team 1.0 2023-06-13T07:00:00 <p>Information published.</p> Visual Studio Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?</strong></p> <p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer which could leak data.</p> Visual Studio Microsoft Yes CVE-2023-33139 Out-of-bounds Read 11600 12051 11935 11969 12129 10566 10577 12187 Information Disclosure 11600 Information Disclosure 12051 Information Disclosure 11935 Information Disclosure 11969 Information Disclosure 12129 Information Disclosure 10566 Information Disclosure 10577 Information Disclosure 12187 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 10566 Important 10577 Important 12187 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11600 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12051 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11935 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11969 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12129 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10566 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10577 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12187 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.55 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.27 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes 5026454 https://aka.ms/vs/12/release/5026454 10566 Maybe Security Update 12.0.40702.0 https://support.microsoft.com/help/5026454 10566 5026454 5026455 https://aka.ms/vs/14/release/5026455 10577 Maybe Security Update 14.0.27554.0 https://support.microsoft.com/help/5026455 10577 5026455 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes HAO LI of VenusTech ADLab 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain the rights of the user that is running the affected application.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to loss of availability (A:H)? What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the user to click on a malicious URL or an embedded link in an email message which could lead to denial of service (DOS) or the Browser to crash.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-33143 11655 Elevation of Privilege 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Anonymous 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2936 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2936 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2938 Inappropriate implementation in Picture In Picture <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2938 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2931 Use after free in PDF <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2931 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2941 Inappropriate implementation in Extensions API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2941 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2929 Out of bounds write in Swiftshader <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2929 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2933 Use after free in PDF <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2933 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2939 Insufficient data validation in Installer <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2939 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2940 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2940 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2935 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2935 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2937 Inappropriate implementation in Picture In Picture <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2937 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2934 Out of bounds memory access in Mojo <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2934 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2932 Use after free in PDF <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2932 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2930 Use after free in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.37</td> <td>6/2/2023</td> <td>114.0.5735.90/91</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2930 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.37 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3079 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p>Google is aware that an exploit for CVE-2023-3079 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.41</td> <td>6/6/2023</td> <td>114.0.5735.110</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3079 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.41 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-06T22:35:45 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into running malicious files.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office for Mac currently available?</strong></p> <p>The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Where can I find more information?</strong></p> <p>Please see the Microsoft 365 Insider Blog Post relating to the temporary disablement of the ability to insert SketchUp graphics (.skp files) here: <a href="https://insider.microsoft365.com/en-us/blog/add-sketchup-files-to-office-creations">SketchUp files in Office Update</a>.</p> Microsoft Office Microsoft Yes CVE-2023-33146 Heap-based Buffer Overflow 11575 11762 11763 11951 Remote Code Execution 11575 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Important 11575 Important 11762 Important 11763 Important 11951 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.74.23061100 https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Release Notes Click to Run 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 Click to Run greenbamboo <a href="https://twitter.com/threatlabz">Kai Lu</a> with <a href="https://www.zscaler.com/">Zscaler&#39;s ThreatLabz</a> Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> 1.1 2023-08-15T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).</p> <p><strong>If I normally install GDR versions and have not installed the June Cumulative Update, am I affected by the vulnerability?</strong></p> <p>Yes, customers who have installed <a href="https://support.microsoft.com/help/501522">Microsoft SQL Server 2022 for x64-based Systems (GDR)</a> or <a href="https://support.microsoft.com/help/5021125">Microsoft SQL Server 2019 for x64-based Systems (GDR)</a> are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.</p> SQL Server Microsoft Yes CVE-2023-29356 Use After Free 12194 12197 12193 12196 12195 12198 12051 12129 12187 12271 11935 Remote Code Execution 12194 Remote Code Execution 12197 Remote Code Execution 12193 Remote Code Execution 12196 Remote Code Execution 12195 Remote Code Execution 12198 Remote Code Execution 12051 Remote Code Execution 12129 Remote Code Execution 12187 Remote Code Execution 12271 Remote Code Execution 11935 Important 12194 Important 12197 Important 12193 Important 12196 Important 12195 Important 12198 Important 12051 Important 12129 Important 12187 Important 12271 Important 11935 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12194 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12197 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12193 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12196 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12195 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12198 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#17 12194 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12194 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12197 Maybe Security Update 18.2.1.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12197 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/download-odbc-driver-for-sql-server#version-17 12193 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12193 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/download-odbc-driver-for-sql-server#download-for-windows 12196 Maybe Security Update 18.2.2.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12196 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17 12195 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12195 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#18 12198 Maybe Security Update 18.2.1.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12198 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.23 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.15 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.11 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.33 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <p>Exploitation of this vulnerability requires an attacker to trick or convince the victim into connecting to their malicious server. If your environment only connects to known, trusted servers and there is no ability to reconfigure existing connections to point to another location (for example you use TLS encryption with certificate validation), the vulnerability cannot be exploited.</p> だんご 1.0 2023-06-15T07:00:00 <p>Information published.</p> 1.2 2023-10-11T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> 1.1 2023-07-11T07:00:00 <p>Added an FAQ to inform customers who have installed Microsoft SQL Server 2022 for x64-based Systems (GDR) or Microsoft SQL Server 2019 for x64-based Systems (GDR) are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.</p> 2.0 2024-01-09T08:00:00 <p>In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>If I normally install GDR versions and have not installed the June Cumulative Update, am I affected by the vulnerability?</strong></p> <p>Yes, customers who have installed <a href="https://support.microsoft.com/help/501522">Microsoft SQL Server 2022 for x64-based Systems (GDR)</a> or <a href="https://support.microsoft.com/help/5021125">Microsoft SQL Server 2019 for x64-based Systems (GDR)</a> are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.</p> SQL Server Microsoft Yes CVE-2023-32025 Heap-based Buffer Overflow 12194 12198 12195 12196 12197 12193 11935 12051 12129 12187 12271 Remote Code Execution 12194 Remote Code Execution 12198 Remote Code Execution 12195 Remote Code Execution 12196 Remote Code Execution 12197 Remote Code Execution 12193 Remote Code Execution 11935 Remote Code Execution 12051 Remote Code Execution 12129 Remote Code Execution 12187 Remote Code Execution 12271 Important 12194 Important 12198 Important 12195 Important 12196 Important 12197 Important 12193 Important 11935 Important 12051 Important 12129 Important 12187 Important 12271 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12194 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12198 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12195 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12196 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12197 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12193 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#17 12194 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12194 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#18 12198 Maybe Security Update 18.2.1.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12198 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17 12195 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12195 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/download-odbc-driver-for-sql-server#download-for-windows 12196 Maybe Security Update 18.2.2.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12196 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12197 Maybe Security Update 18.2.1.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12197 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/download-odbc-driver-for-sql-server#version-17 12193 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12193 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.33 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.23 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.15 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.11 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Bonda 1.0 2023-06-15T07:00:00 <p>Information published.</p> 1.2 2023-07-26T07:00:00 <p>Updated links to security updates. This is an informational change only.</p> 1.3 2023-10-11T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> 1.1 2023-07-11T07:00:00 <p>Added an FAQ to inform customers who have installed Microsoft SQL Server 2022 for x64-based Systems (GDR) or Microsoft SQL Server 2019 for x64-based Systems (GDR) are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.</p> 2.0 2024-01-09T08:00:00 <p>In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>If I normally install GDR versions and have not installed the June Cumulative Update, am I affected by the vulnerability?</strong></p> <p>Yes, customers who have installed <a href="https://support.microsoft.com/help/501522">Microsoft SQL Server 2022 for x64-based Systems (GDR)</a> or <a href="https://support.microsoft.com/help/5021125">Microsoft SQL Server 2019 for x64-based Systems (GDR)</a> are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.</p> SQL Server Microsoft Yes CVE-2023-32026 Heap-based Buffer Overflow 12195 12194 12197 12196 12198 12193 11935 12051 12129 12187 12271 Remote Code Execution 12195 Remote Code Execution 12194 Remote Code Execution 12197 Remote Code Execution 12196 Remote Code Execution 12198 Remote Code Execution 12193 Remote Code Execution 11935 Remote Code Execution 12051 Remote Code Execution 12129 Remote Code Execution 12187 Remote Code Execution 12271 Important 12195 Important 12194 Important 12197 Important 12196 Important 12198 Important 12193 Important 11935 Important 12051 Important 12129 Important 12187 Important 12271 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12195 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12194 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12197 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12196 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12198 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12193 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17 12195 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12195 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#17 12194 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12194 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12197 Maybe Security Update 18.2.1.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12197 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/download-odbc-driver-for-sql-server#download-for-windows 12196 Maybe Security Update 18.2.2.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12196 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#18 12198 Maybe Security Update 18.2.1.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12198 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/download-odbc-driver-for-sql-server#version-17 12193 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12193 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.33 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.23 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.15 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.11 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Nezuko 1.0 2023-06-15T07:00:00 <p>Information published.</p> 1.2 2023-07-26T07:00:00 <p>Updated links to security updates. This is an informational change only.</p> 1.3 2023-10-11T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> 1.1 2023-07-11T07:00:00 <p>Added an FAQ to inform customers who have installed Microsoft SQL Server 2022 for x64-based Systems (GDR) or Microsoft SQL Server 2019 for x64-based Systems (GDR) are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.</p> 2.0 2024-01-09T08:00:00 <p>In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>If I normally install GDR versions and have not installed the June Cumulative Update, am I affected by the vulnerability?</strong></p> <p>Yes, customers who have installed <a href="https://support.microsoft.com/help/501522">Microsoft SQL Server 2022 for x64-based Systems (GDR)</a> or <a href="https://support.microsoft.com/help/5021125">Microsoft SQL Server 2019 for x64-based Systems (GDR)</a> are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.</p> SQL Server Microsoft Yes CVE-2023-32027 Heap-based Buffer Overflow 12194 12193 12196 12198 12195 12197 11935 12051 12129 12187 12271 Remote Code Execution 12194 Remote Code Execution 12193 Remote Code Execution 12196 Remote Code Execution 12198 Remote Code Execution 12195 Remote Code Execution 12197 Remote Code Execution 11935 Remote Code Execution 12051 Remote Code Execution 12129 Remote Code Execution 12187 Remote Code Execution 12271 Important 12194 Important 12193 Important 12196 Important 12198 Important 12195 Important 12197 Important 11935 Important 12051 Important 12129 Important 12187 Important 12271 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12194 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12193 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12196 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12198 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12195 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12197 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#17 12194 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12194 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/download-odbc-driver-for-sql-server#version-17 12193 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12193 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/download-odbc-driver-for-sql-server#download-for-windows 12196 Maybe Security Update 18.2.2.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12196 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#18 12198 Maybe Security Update 18.2.1.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12198 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17 12195 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12195 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12197 Maybe Security Update 18.2.1.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12197 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.33 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.23 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.15 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.11 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Asuka 1.0 2023-06-15T07:00:00 <p>Information published.</p> 1.2 2023-07-26T07:00:00 <p>Updated links to security updates. This is an informational change only.</p> 1.3 2023-10-11T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> 1.1 2023-07-11T07:00:00 <p>Added an FAQ to inform customers who have installed Microsoft SQL Server 2022 for x64-based Systems (GDR) or Microsoft SQL Server 2019 for x64-based Systems (GDR) are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.</p> 2.0 2024-01-09T08:00:00 <p>In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Microsoft ODBC and OLE DB Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).</p> <p><strong>If I normally install GDR versions and have not installed the June Cumulative Update, am I affected by the vulnerability?</strong></p> <p>Yes, customers who have installed <a href="https://support.microsoft.com/help/501522">Microsoft SQL Server 2022 for x64-based Systems (GDR)</a> or <a href="https://support.microsoft.com/help/5021125">Microsoft SQL Server 2019 for x64-based Systems (GDR)</a> are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.</p> SQL Server Microsoft Yes CVE-2023-29349 Integer Underflow (Wrap or Wraparound) 12181 12180 11935 12051 12129 12187 12271 12198 12197 12195 12194 12196 12193 Remote Code Execution 12181 Remote Code Execution 12180 Remote Code Execution 11935 Remote Code Execution 12051 Remote Code Execution 12129 Remote Code Execution 12187 Remote Code Execution 12271 Remote Code Execution 12198 Remote Code Execution 12197 Remote Code Execution 12195 Remote Code Execution 12194 Remote Code Execution 12196 Remote Code Execution 12193 Important 12181 Important 12180 Important 11935 Important 12051 Important 12129 Important 12187 Important 12271 Important 12198 Important 12197 Important 12195 Important 12194 Important 12196 Important 12193 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12181 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12180 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12198 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12197 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12195 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12194 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12196 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12193 Release Notes https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1866 12181 Maybe Security Update 18.6.0006.0 https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1866 12181 Release Notes Release Notes https://learn.microsoft.com/sql/connect/oledb/download-oledb-driver-for-sql-server#download 12180 Maybe Security Update 19.3.0001.0 https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1931 12180 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.33 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.23 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.15 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.11 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#18 12198 Maybe Security Update 18.2.1.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12198 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12197 Maybe Security Update 18.2.1.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12197 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17 12195 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12195 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#17 12194 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12194 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/download-odbc-driver-for-sql-server#download-for-windows 12196 Maybe Security Update 18.2.2.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1822 12196 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/download-odbc-driver-for-sql-server#version-17 12193 Maybe Security Update 17.10.4.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17104 12193 Release Notes <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <p>Exploitation of this vulnerability requires an attacker to trick or convince the victim into connecting to their malicious server. If your environment only connects to known, trusted servers and there is no ability to reconfigure existing connections to point to another location (for example you use TLS encryption with certificate validation), the vulnerability cannot be exploited.</p> Yisekai Ojisan 1.2 2023-10-11T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> 1.0 2023-06-15T07:00:00 <p>Information published.</p> 1.1 2023-07-11T07:00:00 <p>Added an FAQ to inform customers who have installed Microsoft SQL Server 2022 for x64-based Systems (GDR) or Microsoft SQL Server 2019 for x64-based Systems (GDR) are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.</p> 2.0 2024-01-09T08:00:00 <p>In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Microsoft SQL OLE DB Remote Code Execution Vulnerability <p><strong>If I normally install GDR versions and have not installed the June Cumulative Update, am I affected by the vulnerability?</strong></p> <p>Yes, customers who have installed <a href="https://support.microsoft.com/help/501522">Microsoft SQL Server 2022 for x64-based Systems (GDR)</a> or <a href="https://support.microsoft.com/help/5021125">Microsoft SQL Server 2019 for x64-based Systems (GDR)</a> are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> SQL Server Microsoft Yes CVE-2023-32028 Heap-based Buffer Overflow 12180 12181 11935 12051 12129 12187 12271 Remote Code Execution 12180 Remote Code Execution 12181 Remote Code Execution 11935 Remote Code Execution 12051 Remote Code Execution 12129 Remote Code Execution 12187 Remote Code Execution 12271 Important 12180 Important 12181 Important 11935 Important 12051 Important 12129 Important 12187 Important 12271 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12180 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12181 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 Release Notes https://learn.microsoft.com/sql/connect/oledb/download-oledb-driver-for-sql-server#download 12180 Maybe Security Update 19.3.0001.0 https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1931 12180 Release Notes Release Notes https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1866 12181 Maybe Security Update 18.6.0006.0 https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1866 12181 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.33 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.23 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.15 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.11 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2023-06-15T07:00:00 <p>Information published.</p> 1.2 2023-10-11T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> 1.1 2023-07-11T07:00:00 <p>Added an FAQ to inform customers who have installed Microsoft SQL Server 2022 for x64-based Systems (GDR) or Microsoft SQL Server 2019 for x64-based Systems (GDR) are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.</p> 2.0 2024-01-09T08:00:00 <p>In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Chromium: CVE-2023-3215 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.51</td> <td>6/15/2023</td> <td>114.0.5735.133/134</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3215 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.51 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3216 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.51</td> <td>6/15/2023</td> <td>114.0.5735.133/134</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3216 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.51 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3214 Use after free in Autofill payments <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.51</td> <td>6/15/2023</td> <td>114.0.5735.133/134</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3214 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.51 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3217 Use after free in WebXR <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.51</td> <td>6/15/2023</td> <td>114.0.5735.133/134</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3217 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.51 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3420 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.67</td> <td>6/29/2023</td> <td>114.0.5735.198/199</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3420 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.67 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-29T22:02:46 <p>Information published.</p> Chromium: CVE-2023-3422 Use after free in Guest View <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.67</td> <td>6/29/2023</td> <td>114.0.5735.198/199</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3422 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.67 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-29T22:02:55 <p>Information published.</p> Chromium: CVE-2023-3421 Use after free in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.67</td> <td>6/29/2023</td> <td>114.0.5735.198/199</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3421 11655 11655 11655 Release Notes 11655 No Security Update 114.0.1823.67 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-06-29T22:02:51 <p>Information published.</p> Windows CryptoAPI Denial of Service Vulnerability Windows CryptoAPI Microsoft Yes CVE-2023-24937 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 <a href="https://github.com/vcsjones">Kevin Jones</a> with GitHub 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows CryptoAPI Denial of Service Vulnerability Windows CryptoAPI Microsoft Yes CVE-2023-24938 NULL Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 Ashutosh Singh and Rishabh Rathore 1.0 2023-06-13T07:00:00 <p>Information published.</p> .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability .NET Core Microsoft Yes CVE-2023-29331 Uncontrolled Resource Consumption 12009 12130 11969 12051 12129 12187 11970 12131 11650-10378 11650-10816 11676-11923 11676-11571 11650-10379 11676-11572 11650-10852 11650-10855 11676-11568 11650-10543 11650-10853 11650-10051 11650-10483 11676-11569 11676-11924 11650-10049 11676-11929 11676-11927 11676-11926 11676-11930 11676-12097 11676-11931 11676-12098 11676-12099 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 11723-10852 11723-10853 11723-10816 11723-10855 11863-10051 11863-10049 11863-10379 11863-10378 11863-10483 11863-10543 12079-11923 12079-11924 12079-11927 12079-11926 12079-11929 12079-11931 12079-11930 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 12115-9312 12115-10287 12115-9318 12115-9344 12128-10729 12128-10735 9292-9318 9292-9312 9195-9312 9195-9318 2472-10379 2472-10483 2472-10378 2472-10543 9495-10051 9495-10049 Denial of Service 12009 Denial of Service 12130 Denial of Service 11969 Denial of Service 12051 Denial of Service 12129 Denial of Service 12187 Denial of Service 11970 Denial of Service 12131 Denial of Service 11650-10378 Denial of Service 11650-10816 Denial of Service 11676-11923 Denial of Service 11676-11571 Denial of Service 11650-10379 Denial of Service 11676-11572 Denial of Service 11650-10852 Denial of Service 11650-10855 Denial of Service 11676-11568 Denial of Service 11650-10543 Denial of Service 11650-10853 Denial of Service 11650-10051 Denial of Service 11650-10483 Denial of Service 11676-11569 Denial of Service 11676-11924 Denial of Service 11650-10049 Denial of Service 11676-11929 Denial of Service 11676-11927 Denial of Service 11676-11926 Denial of Service 11676-11930 Denial of Service 11676-12097 Denial of Service 11676-11931 Denial of Service 11676-12098 Denial of Service 11676-12099 Denial of Service 11677-11568 Denial of Service 11677-11569 Denial of Service 11677-11570 Denial of Service 11677-11571 Denial of Service 11677-11572 Denial of Service 11723-10852 Denial of Service 11723-10853 Denial of Service 11723-10816 Denial of Service 11723-10855 Denial of Service 11863-10051 Denial of Service 11863-10049 Denial of Service 11863-10379 Denial of Service 11863-10378 Denial of Service 11863-10483 Denial of Service 11863-10543 Denial of Service 12079-11923 Denial of Service 12079-11924 Denial of Service 12079-11927 Denial of Service 12079-11926 Denial of Service 12079-11929 Denial of Service 12079-11931 Denial of Service 12079-11930 Denial of Service 12079-12085 Denial of Service 12079-12086 Denial of Service 12079-12097 Denial of Service 12079-12098 Denial of Service 12079-12099 Denial of Service 12115-9312 Denial of Service 12115-10287 Denial of Service 12115-9318 Denial of Service 12115-9344 Denial of Service 12128-10729 Denial of Service 12128-10735 Denial of Service 9292-9318 Denial of Service 9292-9312 Denial of Service 9195-9312 Denial of Service 9195-9318 Denial of Service 2472-10379 Denial of Service 2472-10483 Denial of Service 2472-10378 Denial of Service 2472-10543 Denial of Service 9495-10051 Denial of Service 9495-10049 Important 12009 Important 12130 Important 11969 Important 12051 Important 12129 Important 12187 Important 11970 Important 12131 Important 11650-10378 Important 11650-10816 Important 11676-11923 Important 11676-11571 Important 11650-10379 Important 11676-11572 Important 11650-10852 Important 11650-10855 Important 11676-11568 Important 11650-10543 Important 11650-10853 Important 11650-10051 Important 11650-10483 Important 11676-11569 Important 11676-11924 Important 11650-10049 Important 11676-11929 Important 11676-11927 Important 11676-11926 Important 11676-11930 Important 11676-12097 Important 11676-11931 Important 11676-12098 Important 11676-12099 Important 11677-11568 Important 11677-11569 Important 11677-11570 Important 11677-11571 Important 11677-11572 Important 11723-10852 Important 11723-10853 Important 11723-10816 Important 11723-10855 Important 11863-10051 Important 11863-10049 Important 11863-10379 Important 11863-10378 Important 11863-10483 Important 11863-10543 Important 12079-11923 Important 12079-11924 Important 12079-11927 Important 12079-11926 Important 12079-11929 Important 12079-11931 Important 12079-11930 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12115-9312 Important 12115-10287 Important 12115-9318 Important 12115-9344 Important 12128-10729 Important 12128-10735 Important 9292-9318 Important 9292-9312 Important 9195-9312 Important 9195-9318 Important 2472-10379 Important 2472-10483 Important 2472-10378 Important 2472-10543 Important 9495-10051 Important 9495-10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12009 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12130 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11969 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12051 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12129 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12187 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11970 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12131 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10378 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10816 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11923 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11571 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10379 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11572 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10852 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10855 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11568 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10543 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10853 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10051 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10483 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11569 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11924 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10049 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11929 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11927 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11926 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11930 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-12097 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11931 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-12098 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-12099 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11568 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11569 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11570 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11571 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11572 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11723-10852 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11723-10853 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11723-10816 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11723-10855 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10051 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10049 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10379 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10378 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10483 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10543 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11923 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11924 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11927 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11926 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11929 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11931 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11930 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12085 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12086 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12097 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12098 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12099 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12115-9312 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12115-10287 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12115-9318 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12115-9344 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12128-10729 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12128-10735 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9292-9318 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9292-9312 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9195-9312 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9195-9318 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2472-10379 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2472-10483 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2472-10378 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2472-10543 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9495-10051 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9495-10049 5027797 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.18 https://support.microsoft.com/help/5027797 12009 5027797 5027798 https://dotnet.microsoft.com/download/dotnet/7.0 12130 Maybe Security Update 7.0.7 https://support.microsoft.com/help/5027798 12130 5027798 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/44 11970 Maybe Security Update 7.2.12 https://github.com/PowerShell/Announcements/issues/44 11970 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/44 12131 Maybe Security Update 7.3.5 https://github.com/PowerShell/Announcements/issues/44 12131 Release Notes 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027126 5022732 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027541 11650-10378 11650-10379 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027108 11650-10378 11650-10379 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027532 11650-10378 11650-10379 5027532 5027123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027123 5022503 11650-10816 11650-10852 11650-10855 11650-10853 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027123 11650-10816 11650-10852 11650-10855 11650-10853 5027123 5027544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027127 5022735, 5022726 11676-11923 11676-11924 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027544 11676-11923 11676-11924 5027544 5027536 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027124 5022782 11676-11571 11676-11572 11676-11568 11676-11569 11677-11569 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027536 11676-11571 11676-11572 11676-11568 11676-11569 11677-11569 5027536 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027128 5022733 11650-10543 11650-10483 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027542 11650-10543 11650-10483 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027109 11650-10543 11650-10483 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027533 11650-10543 11650-10483 5027533 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027129 5022731 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027540 11650-10051 11650-10049 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027110 11650-10051 11650-10049 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027531 11650-10051 11650-10049 5027531 5027537 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027122 5022728, 5026958, 5022729 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027537 11676-11929 11676-11930 11676-11931 5027537 5027539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027125 5026959, 5022730 11676-11927 11676-11926 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027539 11676-11927 11676-11926 5027539 5027538 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027122 5022728, 5026958, 5022729 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027538 11676-12097 11676-12098 11676-12099 5027538 5027536 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027131 5022782 11677-11568 11677-11570 11677-11571 11677-11572 Maybe Security Update 4.7.4050.0 https://support.microsoft.com/help/5027536 11677-11568 11677-11570 11677-11571 11677-11572 5027536 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 11723-10852 11723-10853 11723-10816 11723-10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 11723-10852 11723-10853 11723-10816 11723-10855 5027219 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027134 5022731 11863-10051 11863-10049 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027540 11863-10051 11863-10049 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027113 11863-10051 11863-10049 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027531 11863-10051 11863-10049 5027531 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027132 5022732 11863-10379 11863-10378 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027541 11863-10379 11863-10378 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027111 11863-10379 11863-10378 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027532 11863-10379 11863-10378 5027532 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027133 5022733 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027542 11863-10483 11863-10543 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027112 11863-10483 11863-10543 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027533 11863-10483 11863-10543 5027533 5027544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027121 5022735 12079-11923 12079-11924 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027544 12079-11923 12079-11924 5027544 5027539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027118 5026959, 5022730 12079-11927 12079-11926 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027539 12079-11927 12079-11926 5027539 5027537 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027117 5022728, 5026958, 5022729 12079-11929 12079-11931 12079-11930 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027537 12079-11929 12079-11931 12079-11930 5027537 5027119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027119 5026515, 5022497 12079-12085 12079-12086 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027119 12079-12085 12079-12086 5027119 5027538 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027117 5022728, 5026958, 5022729 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027538 12079-12097 12079-12098 12079-12099 5027538 5027543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027134 5022731, 5022734 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027543 12115-9312 12115-10287 12115-9318 12115-9344 5027543 5027534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027113 12115-9312 12115-10287 12115-9318 12115-9344 9292-9318 9195-9318 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027534 12115-9312 12115-10287 12115-9318 12115-9344 9292-9318 9195-9318 5027534 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 12128-10729 12128-10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 12128-10729 12128-10735 5027230 5027543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027139 5022734 9292-9318 9292-9312 9195-9312 9195-9318 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027543 9292-9318 9292-9312 9195-9312 9195-9318 5027543 5027534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027114 9292-9312 9195-9312 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027534 9292-9312 9195-9312 5027534 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027138 5022732 2472-10379 2472-10378 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027541 2472-10379 2472-10378 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027107 2472-10379 2472-10378 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027532 2472-10379 2472-10378 5027532 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027141 5022733 2472-10483 2472-10543 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027542 2472-10483 2472-10543 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027116 2472-10483 2472-10543 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027533 2472-10483 2472-10543 5027533 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027140 5022731 9495-10051 9495-10049 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027540 9495-10051 9495-10049 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027115 9495-10051 9495-10049 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027531 9495-10051 9495-10049 5027531 Kevin Jones, GitHub 1.0 2023-06-13T07:00:00 <p>Information published.</p> 2.0 2023-06-29T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 and PowerShell 7.3 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/44">https://github.com/PowerShell/Announcements/issues/44</a> for more information.</p> NTFS Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows NTFS Microsoft Yes CVE-2023-29346 Incorrect Conversion between Numeric Types 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 Quarkslab 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Group Policy Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability could allow a standard domain user to delete arbitrary files and folders with system privileges. This could be achieved when &quot;Folder preference - delete&quot; is configured and the user has write access, allowing them to set a reparse point.</p> Windows Group Policy Microsoft Yes CVE-2023-29351 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 Sukriti S. and Manish Singh with Microsoft 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Remote Desktop Security Feature Bypass Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could successfully exploit this vulnerability by creating a fraudulent .RDP file that would bypass certificate validation and warning prompts while establishing a remote desktop connection. This could create an opportunity for phishing.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could bypass certificate or private key authentication when establishing a remote desktop protocol session.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> Remote Desktop Client Microsoft Yes CVE-2023-29352 11569 11571 11572 11849 11923 11924 11926 11927 11931 12085 12086 12097 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11849 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Important 11569 Important 11571 Important 11572 Important 11849 Important 11923 Important 11924 Important 11926 Important 11927 Important 11931 Important 12085 Important 12086 Important 12097 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11849 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12097 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11569 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11569 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11569 11571 11572 Release Notes https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-124337 11849 Maybe Security Update 1.2.4337.0 https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-124337 11849 Release Notes 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11931 12097 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 5027215 Philemon Orphee Favrod and Ray Reskusich of Microsoft 1.0 2023-06-13T07:00:00 <p>Information published.</p> NuGet Client Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must be on the machine and monitoring for actions as a step to exploit the race condition.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>A local attacker in the environment could exploit a race condition that allows a symlink attack when the victim user on the same system runs the nuget command.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> <p>The privilege requirement is low because the attacker needs to be authenticated as a normal user.</p> NuGet Client Microsoft Yes CVE-2023-29337 Time-of-check Time-of-use (TOCTOU) Race Condition 12200 12202 12203 12201 12199 12204 12220 Remote Code Execution 12200 Remote Code Execution 12202 Remote Code Execution 12203 Remote Code Execution 12201 Remote Code Execution 12199 Remote Code Execution 12204 Remote Code Execution 12220 Important 12200 Important 12202 Important 12203 Important 12201 Important 12199 Important 12204 Important 12220 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12200 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12202 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12203 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12201 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12199 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12204 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12220 Release Notes https://www.nuget.org/downloads 12200 Maybe Security Update 6.2.4 https://github.com/NuGet/Home/issues/12653 12200 Release Notes Release Notes https://www.nuget.org/downloads 12202 Maybe Security Update 6.4.2 https://github.com/NuGet/Home/issues/12653 12202 Release Notes Release Notes https://www.nuget.org/downloads 12203 Maybe Security Update 6.5.1 https://github.com/NuGet/Home/issues/12653 12203 Release Notes Release Notes https://www.nuget.org/downloads 12201 Maybe Security Update 6.3.3 https://github.com/NuGet/Home/issues/12653 12201 Release Notes Release Notes https://www.nuget.org/downloads 12199 Maybe Security Update 6.0.5 https://github.com/NuGet/Home/issues/12653 12199 Release Notes Release Notes https://www.nuget.org/downloads 12204 Maybe Security Update 6.6.0 https://github.com/NuGet/Home/issues/12653 12204 Release Notes Release Notes https://www.nuget.org/downloads 12220 Maybe Security Update 5.11.5 https://github.com/NuGet/Home/issues/12653 12220 Release Notes Kalle Niemitalo 1.0 2023-06-13T07:00:00 <p>Information published.</p> 2.0 2023-08-08T07:00:00 <p>The following revisions have been made in the Security Updates table: 1) Added Nuget 5.11.4 as it is affected by this vulnerability. See <a href="https://github.com/NuGet/Home/issues/12653">https://github.com/NuGet/Home/issues/12653</a> for more information. 2) Corrected the Build Numbers for all affected versions of Nuget.</p> DHCP Server Service Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The attacker might be able to guess the DHCP server's IP addresses pool information, which would otherwise not be disclosed.</p> Windows DHCP Server Microsoft Yes CVE-2023-29355 11571 11572 11923 11924 10816 10855 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10816 10855 5027219 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> might be helpful in your situation:</p> <p>Customers who have not configured their DHCP server as a failover are not affected by this vulnerability.</p> YanZiShuang@BigCJTeam of cyberkl 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N), privilege required is none (PR:N), and user interaction is none (UI:N). What is the target used in the context of the elevation of privilege?</strong></p> <p>An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user.</p> <p>The attacker needs no privileges nor does the user need to perform any action.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>I am running SharePoint Server 2019 and there are multiple updates available. Do I need to install all the updates listed in the Security Updates table for these versions?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-29357 Incorrect Implementation of Authentication Algorithm 11585 Elevation of Privilege 11585 Critical 11585 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 5002402 https://www.microsoft.com/download/details.aspx?familyid=254d91bb-b6b7-4668-b1c1-0045f769ba14 5002389 11585 Maybe Security Update 16.0.10399.20005 https://support.microsoft.com/help/5002402 11585 5002402 5002403 https://www.microsoft.com/download/details.aspx?familyid=ce540046-c17e-4999-9015-a7c0c4b345fd 5002330 11585 Maybe Security Update 16.0.10399.20005 https://support.microsoft.com/help/5002403 11585 5002403 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <p>Customers who have enabled the AMSI integration feature and use Microsoft Defender across their SharePoint Server farm(s) are protected from this vulnerability. For more information, see <a href="https://learn.microsoft.com/sharepoint/security-for-sharepoint-server/configure-amsi-integration">Configure AMSI integration with SharePoint Server</a>.</p> <a href="https://twitter.com/testanull">Jang (Nguyễn Tiến Giang)</a> of StarLabs SG working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> 1.1 2023-06-19T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Windows GDI Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows GDI Microsoft Yes CVE-2023-29358 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 Anonymous 1.0 2023-06-13T07:00:00 <p>Information published.</p> GDI Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2023-29359 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 Marcin Wiazowski working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft Streaming Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Streaming Service Microsoft Yes CVE-2023-29360 Untrusted Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 Thomas Imbert (@masthoon) from Synacktiv (@Synacktiv) Working with <a href=https://www.zerodayinitiative.com/>Trend Micro Zero Day Initiative</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> 1.1 2023-08-10T07:00:00 <p>Corrected CVE title and updated one or more CVSS scores for the affected products. These are informational changes only.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2023-29361 Use After Free 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 Anonymous <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> Remote Desktop Client Microsoft Yes CVE-2023-29362 Heap-based Buffer Overflow 11569 11571 11572 11849 11923 11924 11926 11927 11931 12085 12086 12097 10735 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11849 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 10735 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11569 Important 11571 Important 11572 Important 11849 Important 11923 Important 11924 Important 11926 Important 11927 Important 11931 Important 12085 Important 12086 Important 12097 Important 10735 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11569 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11569 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11569 11571 11572 Release Notes https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-124337 11849 Maybe Security Update 1.2.4337.0 https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-124337 11849 Release Notes 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11931 12097 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10853 10816 10855 5027219 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 <a href="https://il.linkedin.com/in/dordali">Dor Dali</a> with <a href="https://cyolo.io/">Cyolo</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.</p> Windows PGM Microsoft Yes CVE-2023-29363 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> Yazhi Wang working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> liubenjin with Codesafe Team of Legendsec at QI-ANXIN Group 1.1 2023-06-15T07:00:00 <p>Added acknowledgements. This is an informational change only.</p> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Authentication Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> Windows Authentication Methods Microsoft Yes CVE-2023-29364 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11926 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11927 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12085 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12086 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12097 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12098 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12099 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Media Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2023-29365 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 mainc 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Geolocation Service Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> Windows Geolocation Service Microsoft Yes CVE-2023-29366 Double Free 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 kap0k 1.0 2023-06-13T07:00:00 <p>Information published.</p> iSCSI Target WMI Provider Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Windows OLE Microsoft Yes CVE-2023-29367 Use of Uninitialized Resource 11571 11572 11923 11924 10816 10855 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10816 10855 5027219 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 kap0k 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Filtering Platform Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Filtering Microsoft Yes CVE-2023-29368 Double Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2023-06-13T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Runtime Microsoft Yes CVE-2023-29369 Integer Overflow or Wraparound 11571 11572 11923 11924 10816 10855 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10816 10855 5027219 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Media Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2023-29370 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 Kim Dong-Uk(<a href="http://justlikebono.kr/">@justlikebono</a>) 1.1 2023-06-15T07:00:00 <p>Updated acknowledgment.</p> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows GDI Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2023-29371 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 Keqi Hu 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2023-29372 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 Kyou Fujibayashi 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft ODBC Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Windows ODBC Driver Microsoft Yes CVE-2023-29373 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 Yousuke Shibazaki 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Resilient File System (ReFS) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p> <p><strong>Although the CVSS metric is local (AV:L), are there additional attack vectors?</strong></p> <p>This vulnerability could also be exploited through a physical attack vector. An attacker with physical access to a vulnerable system could insert a specially crafted USB device into the machine.</p> Windows Resilient File System (ReFS) Microsoft Yes CVE-2023-32008 NULL Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 <a href="https://twitter.com/arudd1ck">Andrew Ruddick</a> with Microsoft Security Response Center 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Collaborative Translation Framework Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> Windows Collaborative Translation Framework Microsoft Yes CVE-2023-32009 Improper Access Control 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Bus Filter Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Bus Filter Driver Microsoft Yes CVE-2023-32010 Sensitive Data Storage in Improperly Locked Memory 12085 12086 Elevation of Privilege 12085 Elevation of Privilege 12086 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows iSCSI Discovery Service Denial of Service Vulnerability Windows iSCSI Microsoft Yes CVE-2023-32011 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Container Manager Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Container Manager Service Microsoft Yes CVE-2023-32012 Improper Link Resolution Before File Access ('Link Following') 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 Naceri with MSRC Vulnerabilities and Mitigations 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.</p> Windows PGM Microsoft Yes CVE-2023-32014 Integer Underflow (Wrap or Wraparound) 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> Anonymous 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.</p> Windows PGM Microsoft Yes CVE-2023-32015 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> Anonymous 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Installer Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> Windows Installer Microsoft Yes CVE-2023-32016 Use of Uninitialized Resource 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 <a href="https://twitter.com/a_denkiewicz">Adrian Denkiewicz</a> with <a href="https://doyensec.com/">Doyensec</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft PostScript Printer Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-32017 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 10729 10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 10729 10735 5027230 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 kap0k 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Hello Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Windows Hello Microsoft Yes CVE-2023-32018 Use After Free 12085 12086 Remote Code Execution 12085 Remote Code Execution 12086 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 CHEN QINGYANG with Topsec Alpha Team 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to coordinate an attack with another privileged process executed by another user in the system.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.</p> Windows Kernel Microsoft Yes CVE-2023-32019 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11568 11569 11570 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11929 11930 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11929 11930 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11929 11930 11931 12097 12098 12099 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 12098 12099 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 12098 12099 5027215 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10852 10853 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10852 10853 10816 10855 5027219 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows DNS Spoofing Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> Role: DNS Server Microsoft Yes CVE-2023-32020 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 10816 Spoofing 10855 Spoofing 9312 Spoofing 10287 Spoofing 9318 Spoofing 9344 Spoofing 10051 Spoofing 10049 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11571 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11572 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11923 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11924 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 10816 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 10855 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 9312 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 10287 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 9318 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 9344 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 10051 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 10049 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 10378 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 10379 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 10483 5.6 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10816 10855 5027219 5027279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027279 5026408 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22113 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027279 5027279 https://support.microsoft.com/help/5027279 9312 10287 9318 9344 5027277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027277 9312 10287 9318 9344 Yes Security Only 6.0.6003.22113 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027277 5027277 https://support.microsoft.com/help/5027277 9312 10287 9318 9344 5027275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027275 5026413 10051 10049 Yes Monthly Rollup 6.1.7601.26564 https://support.microsoft.com/help/5027275 10051 10049 5027275 5027275 https://support.microsoft.com/help/5027275 10051 10049 5027256 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027256 10051 10049 Yes Security Only 6.1.7601.26564 https://support.microsoft.com/help/5027256 10051 10049 5027256 5027256 https://support.microsoft.com/help/5027256 10051 10049 5027283 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027283 5026419 10378 10379 Yes Monthly Rollup 6.2.9200.24314 https://support.microsoft.com/help/5027283 10378 10379 5027283 5027281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027281 10378 10379 Yes Security Only 6.2.9200.24314 https://support.microsoft.com/help/5027281 10378 10379 5027281 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 <a href="https://netsec.ccert.edu.cn/people/lx19">Xiang Li</a> with <a href="https://netsec.ccert.edu.cn/">NISL Lab @Tsinghua University</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows SMB Witness Service Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could execute RPC procedures that are restricted to privileged accounts, bypassing the access check for the RPC procedures.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to a Windows SMB Witness Service.</p> Windows SMB Microsoft Yes CVE-2023-32021 11571 11572 11923 11924 10816 10855 10483 10543 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10816 10855 5027219 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <ul> <li>Only AD-detached clusters with Scale-out File server role installed are affected by this vulnerability. <a href="https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn265970(v=ws.11)">https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn265970(v=ws.11)</a></li> <li>Version: AD-detached cluster is available on Windows Server 2012 R2 and above.</li> </ul> Anonymous 1.0 2023-06-13T07:00:00 <p>Information published.</p> Windows Server Service Security Feature Bypass Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to a Windows SMB Server Service.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could execute RPC procedures that are restricted to privileged accounts, bypassing the access check for the RPC procedures.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L), and have a high impact on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>Abuse of the affected RPC procedures can lead directly to a loss of the availability (A:H) of this service. At the same time we cannot rule out the potential impact that successful exploitation could have on Confidentiality and Integrity,</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to be able to exploit this vulnerability.</p> Windows Server Service Microsoft Yes CVE-2023-32022 Improper Authorization 11571 11572 11923 11924 10816 10855 10483 10543 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C 11571 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C 11572 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C 11923 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C 11924 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C 10816 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C 10855 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C 10483 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C 10543 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 10816 10855 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 10816 10855 5027219 5027271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027271 5026415 10483 10543 Yes Monthly Rollup 6.3.9600.21013 https://support.microsoft.com/help/5027271 10483 10543 5027271 5027282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027282 10483 10543 Yes Security Only 6.3.9600.21013 https://support.microsoft.com/help/5027282 10483 10543 5027282 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <ul> <li>Only AD-detached clusters are affected by this vulnerability. <a href="https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn265970(v=ws.11)">https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn265970(v=ws.11)</a></li> <li>Version: AD-detached cluster is available with Windows Server 2012 R2 and above.</li> </ul> Anonymous 1.0 2023-06-13T07:00:00 <p>Information published.</p> .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Microsoft Yes CVE-2023-32030 11650-10852 11650-10853 11650-10816 11650-10855 11650-10051 11650-10049 11650-10378 11650-10379 11650-10483 11650-10543 11676-11568 11676-11569 11676-11571 11676-11572 11676-11923 11676-11924 11676-11926 11676-11927 11676-11929 11676-11930 11676-11931 11676-12097 11676-12098 11676-12099 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 11723-10852 11723-10853 11723-10816 11723-10855 11863-10051 11863-10049 11863-10378 11863-10379 11863-10483 11863-10543 12079-11923 12079-11924 12079-11926 12079-11927 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 12115-9312 12115-10287 12115-9318 12115-9344 12128-10729 12128-10735 9292-9312 9292-9318 9195-9312 9195-9318 2472-10378 2472-10379 2472-10483 2472-10543 9495-10051 9495-10049 Denial of Service 11650-10852 Denial of Service 11650-10853 Denial of Service 11650-10816 Denial of Service 11650-10855 Denial of Service 11650-10051 Denial of Service 11650-10049 Denial of Service 11650-10378 Denial of Service 11650-10379 Denial of Service 11650-10483 Denial of Service 11650-10543 Denial of Service 11676-11568 Denial of Service 11676-11569 Denial of Service 11676-11571 Denial of Service 11676-11572 Denial of Service 11676-11923 Denial of Service 11676-11924 Denial of Service 11676-11926 Denial of Service 11676-11927 Denial of Service 11676-11929 Denial of Service 11676-11930 Denial of Service 11676-11931 Denial of Service 11676-12097 Denial of Service 11676-12098 Denial of Service 11676-12099 Denial of Service 11677-11568 Denial of Service 11677-11569 Denial of Service 11677-11570 Denial of Service 11677-11571 Denial of Service 11677-11572 Denial of Service 11723-10852 Denial of Service 11723-10853 Denial of Service 11723-10816 Denial of Service 11723-10855 Denial of Service 11863-10051 Denial of Service 11863-10049 Denial of Service 11863-10378 Denial of Service 11863-10379 Denial of Service 11863-10483 Denial of Service 11863-10543 Denial of Service 12079-11923 Denial of Service 12079-11924 Denial of Service 12079-11926 Denial of Service 12079-11927 Denial of Service 12079-11929 Denial of Service 12079-11930 Denial of Service 12079-11931 Denial of Service 12079-12085 Denial of Service 12079-12086 Denial of Service 12079-12097 Denial of Service 12079-12098 Denial of Service 12079-12099 Denial of Service 12115-9312 Denial of Service 12115-10287 Denial of Service 12115-9318 Denial of Service 12115-9344 Denial of Service 12128-10729 Denial of Service 12128-10735 Denial of Service 9292-9312 Denial of Service 9292-9318 Denial of Service 9195-9312 Denial of Service 9195-9318 Denial of Service 2472-10378 Denial of Service 2472-10379 Denial of Service 2472-10483 Denial of Service 2472-10543 Denial of Service 9495-10051 Denial of Service 9495-10049 Important 11650-10852 Important 11650-10853 Important 11650-10816 Important 11650-10855 Important 11650-10051 Important 11650-10049 Important 11650-10378 Important 11650-10379 Important 11650-10483 Important 11650-10543 Important 11676-11568 Important 11676-11569 Important 11676-11571 Important 11676-11572 Important 11676-11923 Important 11676-11924 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-11930 Important 11676-11931 Important 11676-12097 Important 11676-12098 Important 11676-12099 Important 11677-11568 Important 11677-11569 Important 11677-11570 Important 11677-11571 Important 11677-11572 Important 11723-10852 Important 11723-10853 Important 11723-10816 Important 11723-10855 Important 11863-10051 Important 11863-10049 Important 11863-10378 Important 11863-10379 Important 11863-10483 Important 11863-10543 Important 12079-11923 Important 12079-11924 Important 12079-11926 Important 12079-11927 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12115-9312 Important 12115-10287 Important 12115-9318 Important 12115-9344 Important 12128-10729 Important 12128-10735 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10051 Important 9495-10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10852 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10853 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10816 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10855 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10051 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10049 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10378 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10379 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10483 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10543 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11568 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11569 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11571 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11572 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11923 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11924 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11926 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11927 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11929 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11930 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11931 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-12097 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-12098 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-12099 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11568 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11569 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11570 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11571 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11572 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11723-10852 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11723-10853 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11723-10816 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11723-10855 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10051 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10049 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10378 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10379 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10483 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10543 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11923 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11924 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11926 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11927 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11929 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11930 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11931 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12085 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12086 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12097 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12098 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12099 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12115-9312 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12115-10287 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12115-9318 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12115-9344 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12128-10729 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12128-10735 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9292-9312 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9292-9318 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9195-9312 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9195-9318 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2472-10378 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2472-10379 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2472-10483 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2472-10543 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9495-10051 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9495-10049 5027123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027123 5022503 11650-10852 11650-10853 11650-10816 11650-10855 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027123 11650-10852 11650-10853 11650-10816 11650-10855 5027123 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027129 5022731 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027540 11650-10051 11650-10049 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027110 11650-10051 11650-10049 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027531 11650-10051 11650-10049 5027531 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027126 5022732 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027541 11650-10378 11650-10379 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027108 11650-10378 11650-10379 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027532 11650-10378 11650-10379 5027532 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027128 5022733 11650-10483 11650-10543 Maybe Monthly Rollup 4.8.4644.0 https://support.microsoft.com/help/5027542 11650-10483 11650-10543 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027109 11650-10483 11650-10543 Maybe Security Only 4.8.4644.0 https://support.microsoft.com/help/5027533 11650-10483 11650-10543 5027533 5027536 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027124 5022782 11676-11568 11676-11569 11676-11571 11676-11572 11677-11569 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027536 11676-11568 11676-11569 11676-11571 11676-11572 11677-11569 5027536 5027219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027219 5026363 11676-11923 11676-11924 11723-10852 11723-10853 11723-10816 11723-10855 9292-9312 Yes Security Update 10.0.14393.5989 https://support.microsoft.com/help/5027219 11676-11923 11676-11924 11723-10852 11723-10853 11723-10816 11723-10855 9292-9312 5027219 5027539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027125 5026959, 5022730 11676-11926 11676-11927 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027539 11676-11926 11676-11927 5027539 5027537 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027122 5022728, 5026958, 5022729 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027537 11676-11929 11676-11930 11676-11931 5027537 5027538 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027122 5022728, 5026958, 5022729 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.4644.0 https://support.microsoft.com/help/5027538 11676-12097 11676-12098 11676-12099 5027538 5027536 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027131 5022782 11677-11568 11677-11570 11677-11571 11677-11572 Maybe Security Update 4.7.4050.0 https://support.microsoft.com/help/5027536 11677-11568 11677-11570 11677-11571 11677-11572 5027536 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027134 5022731 11863-10051 11863-10049 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027540 11863-10051 11863-10049 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027113 11863-10051 11863-10049 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027531 11863-10051 11863-10049 5027531 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027132 5022732 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027541 11863-10378 11863-10379 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027111 11863-10378 11863-10379 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027532 11863-10378 11863-10379 5027532 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027133 5022733 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027542 11863-10483 11863-10543 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027112 11863-10483 11863-10543 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027533 11863-10483 11863-10543 5027533 5027544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027121 5022735 12079-11923 12079-11924 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027544 12079-11923 12079-11924 5027544 5027539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027118 5026959, 5022730 12079-11926 12079-11927 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027539 12079-11926 12079-11927 5027539 5027537 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027117 5022728, 5026958, 5022729 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027537 12079-11929 12079-11930 12079-11931 5027537 5027119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027119 5026515, 5022497 12079-12085 12079-12086 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027119 12079-12085 12079-12086 5027119 5027538 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027117 5022728, 5026958, 5022729 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.9166.0 https://support.microsoft.com/help/5027538 12079-12097 12079-12098 12079-12099 5027538 5027543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027134 5022731, 5022734 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.04043.0 https://support.microsoft.com/help/5027543 12115-9312 12115-10287 12115-9318 12115-9344 5027543 5027534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027113 12115-9312 12115-10287 12115-9318 12115-9344 9292-9318 9195-9318 Maybe Security Only 4.7.4050.0 https://support.microsoft.com/help/5027534 12115-9312 12115-10287 12115-9318 12115-9344 9292-9318 9195-9318 5027534 5027230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027230 5026382 12128-10729 12128-10735 Yes Security Update 10.0.10240.19983 https://support.microsoft.com/help/5027230 12128-10729 12128-10735 5027230 5027534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027114 9292-9312 9195-9312 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027534 9292-9312 9195-9312 5027534 5027543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027139 5022734 9292-9318 9195-9312 9195-9318 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027543 9292-9318 9195-9312 9195-9318 5027543 5027541 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027138 5022732 2472-10378 2472-10379 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027541 2472-10378 2472-10379 5027541 5027532 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027107 2472-10378 2472-10379 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027532 2472-10378 2472-10379 5027532 5027542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027141 5022733 2472-10483 2472-10543 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027542 2472-10483 2472-10543 5027542 5027533 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027116 2472-10483 2472-10543 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027533 2472-10483 2472-10543 5027533 5027540 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027140 5022731 9495-10051 9495-10049 Maybe Monthly Rollup 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027540 9495-10051 9495-10049 5027540 5027531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027115 9495-10051 9495-10049 Maybe Security Only 3.0.6920.8954; 2.0.50727.8970 https://support.microsoft.com/help/5027531 9495-10051 9495-10049 5027531 1.0 2023-06-13T07:00:00 <p>Information published.</p> .NET and Visual Studio Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.</p> <p><strong>According to the CVSS metrics, the attack vector is local (AV:L) and privilege required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An attacker must have access to the targeted worker role and the ability to deploy a malicious application within the worker. The attack itself is carried out locally on the worker role where a malicious application has been deployed.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability might be able to gain some understanding of the filesystem layout, but nothing confidential. The attacker would be able to write files, and thus impact Integrity of files if they were overwritten, and similarly cause a Denial of Service if required files, configurations, or both were overwritten.</p> .NET and Visual Studio Microsoft Yes CVE-2023-32032 Improper Input Validation 12130 12051 11969 12129 12187 12131 Elevation of Privilege 12130 Elevation of Privilege 12051 Elevation of Privilege 11969 Elevation of Privilege 12129 Elevation of Privilege 12187 Elevation of Privilege 12131 Important 12130 Important 12051 Important 11969 Important 12129 Important 12187 Important 12131 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C 12130 6.5 5.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C 12051 6.5 5.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C 11969 6.5 5.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C 12129 6.5 5.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C 12187 6.5 5.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C 12131 5027798 https://dotnet.microsoft.com/download/dotnet/7.0 12130 Maybe Security Update 7.0.7 https://support.microsoft.com/help/5027798 12130 5027798 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/45 12131 Maybe Security Update 7.3.5 https://github.com/PowerShell/Announcements/issues/45 12131 Release Notes Tom Deseyn of <a href="https://www.redhat.com/">Red Hat</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> 2.0 2023-06-29T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.3 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/45">https://github.com/PowerShell/Announcements/issues/45</a> for more information.</p> .NET and Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required  is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious file and convince the user to open it.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p> .NET and Visual Studio Microsoft Yes CVE-2023-33126 12009 12130 12051 11969 12129 12187 11970 Remote Code Execution 12009 Remote Code Execution 12130 Remote Code Execution 12051 Remote Code Execution 11969 Remote Code Execution 12129 Remote Code Execution 12187 Remote Code Execution 11970 Important 12009 Important 12130 Important 12051 Important 11969 Important 12129 Important 12187 Important 11970 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12009 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12130 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12051 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11969 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12129 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12187 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11970 5027797 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.18 https://support.microsoft.com/help/5027797 12009 5027797 5027798 https://dotnet.microsoft.com/download/dotnet/7.0 12130 Maybe Security Update 7.0.7 https://support.microsoft.com/help/5027798 12130 5027798 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/46 11970 Maybe Security Update 7.2.12 https://github.com/PowerShell/Announcements/issues/46 11970 Release Notes <a href="https://github.com/ycdxsb">ycdxsb</a> with <a href="http://www.iie.ac.cn/">VARAS@IIE</a> <a href="https://github.com/ycdxsb">ycdxsb</a> with <a href="http://www.iie.ac.cn/">VARAS@IIE</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> 2.0 2023-06-29T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/46">https://github.com/PowerShell/Announcements/issues/46</a> for more information.</p> .NET and Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required  is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious file and convince the user to open it.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). What does this mean for this vulnerability?</strong></p> <p>The attacker would have to be an authenticated user logged on to the vulnerable system to be able to exploit this vulnerability.</p> .NET and Visual Studio Microsoft Yes CVE-2023-33128 Use After Free 12009 12130 11969 12051 12129 12187 12131 Remote Code Execution 12009 Remote Code Execution 12130 Remote Code Execution 11969 Remote Code Execution 12051 Remote Code Execution 12129 Remote Code Execution 12187 Remote Code Execution 12131 Important 12009 Important 12130 Important 11969 Important 12051 Important 12129 Important 12187 Important 12131 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12009 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12130 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11969 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12051 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12129 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12187 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12131 5027797 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.18 https://support.microsoft.com/help/5027797 12009 5027797 5027798 https://dotnet.microsoft.com/download/dotnet/7.0 12130 Maybe Security Update 7.0.7 https://support.microsoft.com/help/5027798 12130 5027798 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/47 12131 Maybe Security Update 7.3.5 https://github.com/PowerShell/Announcements/issues/47 12131 Release Notes 1.0 2023-06-13T07:00:00 <p>Information published.</p> 2.0 2023-06-29T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.3 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/47">https://github.com/PowerShell/Announcements/issues/47</a> for more information.</p> Microsoft SharePoint Server Denial of Service Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit this vulnerability?</strong></p> <p>As an authenticated user, the attacker could send a specially crafted string of data over the network, causing the application to crash.</p> <p><strong>I am running SharePoint Server 2019 and there are multiple updates available. Do I need to install all the updates listed in the Security Updates table for these versions?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-33129 Heap-based Buffer Overflow 10950 11585 11961 Denial of Service 10950 Denial of Service 11585 Denial of Service 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10950 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11585 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11961 5002404 https://www.microsoft.com/download/details.aspx?familyid=9e258554-8cfa-4616-84c9-a4fa1e26bf86 5002397 10950 Maybe Security Update 16.0.5400.1001 https://support.microsoft.com/help/5002404 10950 5002404 5002402 https://www.microsoft.com/download/details.aspx?familyid=254d91bb-b6b7-4668-b1c1-0045f769ba14 5002389 11585 Maybe Security Update 16.0.10399.20005 https://support.microsoft.com/help/5002402 11585 5002402 5002403 https://www.microsoft.com/download/details.aspx?familyid=ce540046-c17e-4999-9015-a7c0c4b345fd 5002330 11585 Maybe Security Update 16.0.10399.20005 https://support.microsoft.com/help/5002403 11585 5002403 5002416 https://www.microsoft.com/download/details.aspx?familyid=d5afe0e7-7490-485f-82e4-da5a385658b8 5002390 11961 Maybe Security Update 16.0.16130.20548 https://support.microsoft.com/help/5002416 11961 5002416 <a href="https://twitter.com/ivagunin">Ivan Vagunin</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> 1.1 2023-06-19T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Microsoft SharePoint Server Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> <p><strong>I am running SharePoint Server 2019 and there are multiple updates available. Do I need to install all the updates listed in the Security Updates table for these versions?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-33130 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11585 11961 Spoofing 11585 Spoofing 11961 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11585 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11961 5002402 https://www.microsoft.com/download/details.aspx?familyid=254d91bb-b6b7-4668-b1c1-0045f769ba14 5002389 11585 Maybe Security Update 16.0.10399.20005 https://support.microsoft.com/help/5002402 11585 5002402 5002403 https://www.microsoft.com/download/details.aspx?familyid=ce540046-c17e-4999-9015-a7c0c4b345fd 5002330 11585 Maybe Security Update 16.0.10399.20005 https://support.microsoft.com/help/5002403 11585 5002403 5002416 https://www.microsoft.com/download/details.aspx?familyid=d5afe0e7-7490-485f-82e4-da5a385658b8 5002390 11961 Maybe Security Update 16.0.16130.20548 https://support.microsoft.com/help/5002416 11961 5002416 Chris81 1.0 2023-06-13T07:00:00 <p>Information published.</p> 1.1 2023-06-19T07:00:00 <p>Added an FAQ. This is an information change only.</p> Microsoft Outlook Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and privilege required is none (PR:N). What is the target used in the context of the remote code execution?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform remote code execution in the context of the victim user. The attacker does not need privileges to attempt to exploit this vulnerability.</p> Microsoft Office Outlook Microsoft Yes CVE-2023-33131 11573 11574 11762 11763 11952 11953 10765 10766 10317 10318 10407 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10765 Remote Code Execution 10766 Remote Code Execution 10317 Remote Code Execution 10318 Remote Code Execution 10407 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10765 Important 10766 Important 10317 Important 10318 Important 10407 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10765 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10766 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10317 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10407 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002387 https://www.microsoft.com/download/details.aspx?familyid=843b4dbd-4ed2-4788-888e-e93e5048ded0 5002254 10765 Maybe Security Update 16.0.5400.1000 https://support.microsoft.com/help/5002387 10765 5002387 5002387 https://www.microsoft.com/download/details.aspx?familyid=ac025dd0-d94a-4d1f-8f89-bdd027981cb2 5002254 10766 Maybe Security Update 16.0.5400.1000 https://support.microsoft.com/help/5002387 10766 5002387 5002382 https://www.microsoft.com/download/details.aspx?familyid=315cfec4-02de-4a56-b179-e5869fcab206 5002265 10317 Maybe Security Update 15.0.5563.1000 https://support.microsoft.com/help/5002382 10317 5002382 5002382 https://www.microsoft.com/download/details.aspx?familyid=4859cdfe-b783-4d2e-8cc8-6d65ec770270 5002254 10318 Maybe Security Update 15.0.5563.1000 https://support.microsoft.com/help/5002382 10318 5002382 5002382 5002265 10407 Maybe Security Update 15.0.5563.1000 https://support.microsoft.com/help/5002382 10407 5002382 Eduardo Braun Prado 1.1 2023-08-21T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to the target site as at least a Site Member.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>Integrity is impacted as XSS allows an attacker to add their malicious script to fetch victim's sensitive info or to change DOM execution.</p> <p><strong>I am running SharePoint Server 2019 and there are multiple updates available. Do I need to install all the updates listed in the Security Updates table for these versions?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-33132 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11585 11961 Spoofing 11585 Spoofing 11961 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11585 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11961 5002402 https://www.microsoft.com/download/details.aspx?familyid=254d91bb-b6b7-4668-b1c1-0045f769ba14 5002389 11585 Maybe Security Update 16.0.10399.20005 https://support.microsoft.com/help/5002402 11585 5002402 5002403 https://www.microsoft.com/download/details.aspx?familyid=ce540046-c17e-4999-9015-a7c0c4b345fd 5002330 11585 Maybe Security Update 16.0.10399.20005 https://support.microsoft.com/help/5002403 11585 5002403 5002416 https://www.microsoft.com/download/details.aspx?familyid=d5afe0e7-7490-485f-82e4-da5a385658b8 5002390 11961 Maybe Security Update 16.0.16130.20548 https://support.microsoft.com/help/5002416 11961 5002416 Chris81 1.0 2023-06-13T07:00:00 <p>Information published.</p> 1.1 2023-06-19T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> Microsoft Office Excel Microsoft Yes CVE-2023-33133 Heap-based Buffer Overflow 11573 11574 11575 11605 11762 11763 11951 11952 11953 10739 10740 10656 10654 10655 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11575 Remote Code Execution 11605 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10656 Remote Code Execution 10654 Remote Code Execution 10655 Important 11573 Important 11574 Important 11575 Important 11605 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 10739 Important 10740 Important 10656 Important 10654 Important 10655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11605 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10656 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10654 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10655 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.74.23061100 https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Release Notes 5002401 https://www.microsoft.com/download/details.aspx?familyid=c4ea9a4f-1c8e-43b5-af8f-ce298bf97f14 5002372 11605 Maybe Security Update 16.0.10399.20000 https://support.microsoft.com/help/5002401 11605 5002401 5002405 https://www.microsoft.com/download/details.aspx?familyid=0204046f-b4a1-47a1-a985-307c34e92ebe 5002386 10739 Maybe Security Update 16.0.5400.1000 https://support.microsoft.com/help/5002405 10739 5002405 5002405 https://www.microsoft.com/download/details.aspx?familyid=832c1bf7-27f6-4845-8ff5-6ff460381ec6 5002386 10740 Maybe Security Update 16.0.5400.1000 https://support.microsoft.com/help/5002405 10740 5002405 5002414 5002384 10656 Maybe Security Update 15.0.5563.1000 https://support.microsoft.com/help/5002414 10656 5002414 5002414 https://www.microsoft.com/download/details.aspx?familyid=1a60905c-9b77-4df7-944a-aeeff2ebc55f 5002384 10654 Maybe Security Update 15.0.5563.1000 https://support.microsoft.com/help/5002414 10654 5002414 5002414 https://www.microsoft.com/download/details.aspx?familyid=4f333af6-b5f9-499d-a4d9-32670c821cee 5002384 10655 Maybe Security Update 15.0.5563.1000 https://support.microsoft.com/help/5002414 10655 5002414 <a href="https://www.talosintelligence.com/">Marcin &#39;icewall&#39; Noga</a> with <a href="https://www.talosintelligence.com/">Cisco Talos</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> .NET and Visual Studio Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>Low-privilege attackers who successfully exploited the vulnerability could potentially write malicious configurations and download malicious files.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required  is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious file and convince the user to open it.</p> .NET and Visual Studio Microsoft Yes CVE-2023-33135 12009 12130 12051 11969 12129 12187 Elevation of Privilege 12009 Elevation of Privilege 12130 Elevation of Privilege 12051 Elevation of Privilege 11969 Elevation of Privilege 12129 Elevation of Privilege 12187 Important 12009 Important 12130 Important 12051 Important 11969 Important 12129 Important 12187 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12009 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12130 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12051 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11969 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12129 7.3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12187 5027797 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.18 https://support.microsoft.com/help/5027797 12009 5027797 5027798 https://dotnet.microsoft.com/download/dotnet/7.0 12130 Maybe Security Update 7.0.7 https://support.microsoft.com/help/5027798 12130 5027798 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes <a href="https://github.com/ycdxsb">ycdxsb</a> with <a href="http://www.iie.ac.cn/">VARAS@IIE</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft OneNote Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft OneNote and then click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability enables an attacker to obtain a victim's NetNTLMv2 hashes thus impact to Confidentiality is High. Integrity and Availability are not impacted because the hashes do not directly enable an attacker to modify data or impact the victim's application or server runtime.</p> Microsoft Office OneNote Microsoft Yes CVE-2023-33140 12192 Spoofing 12192 Important 12192 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12192 Release Notes https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12192 Maybe Security Update 16.0.14326.21450 https://learn.microsoft.com/en-us/officeupdates/current-channel 12192 Release Notes Jordan Hopkins - Rootshell Security 1.1 2023-08-01T07:00:00 <p>Added an FAQ. This is an information change only.</p> 1.0 2023-06-13T07:00:00 <p>Information published.</p> AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior <p><strong>Why is this AutoDesk CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio AutoDesk Yes CVE-2023-27911 Heap-based Buffer Overflow 12271 12309 11573 11574 11762 11763 11952 11953 10743 10744 11760 11600 12051 11935 11969 10566 10577 12129 12187 Remote Code Execution 12271 Remote Code Execution 12309 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10743 Remote Code Execution 10744 Remote Code Execution 11760 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 10566 Remote Code Execution 10577 Remote Code Execution 12129 Remote Code Execution 12187 Important 12271 Important 12309 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10743 Important 10744 Important 11760 Important 11600 Important 12051 Important 11935 Important 11969 Important 10566 Important 10577 Important 12129 Important 12187 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12309 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10743 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10744 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.9 12309 Maybe Security Update 17.9.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12309 Release Notes Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002565 5002491 10743 10744 Maybe Other 5439.1000 https://support.microsoft.com/help/5002565 10743 10744 5002565 Release Notes https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Maybe Security Update 7.2306.12012.0 https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Release Notes Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.55 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.27 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes 5026454 https://aka.ms/vs/12/release/5026454 10566 Maybe Security Update 12.0.40702.0 https://support.microsoft.com/help/5026454 10566 5026454 5026455 https://aka.ms/vs/14/release/5026455 10577 Maybe Security Update 14.0.27554.0 https://support.microsoft.com/help/5026455 10577 5026455 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Mat Powell & Michael DePlante (@izobashi) of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> HAO LI of VenusTech ADLab 3.0 2024-03-12T07:00:00 <p>In the Security Updates table, made the following changes: 1) Added Microsoft Visual Studio 2022 version 17.8 and Microsoft Visual Studio 2022 version 17.9 as these versions are affected by this vulnerability. 2) Microsoft has released security updates on March 12, 2024 to comprehensively address this vulnerability for Microsoft Visual Studio 2022 version 17.4 and Microsoft Visual Studio 2022 version 17.6. Microsoft recommends customers install the updates to be fully protected from the vulnerability.</p> 1.0 2023-06-13T07:00:00 <p>Information published.</p> 2.0 2023-09-14T07:00:00 <p>In the Security Updates table, added all supported versions of 3D Viewer, Microsoft Office 2019, Microsoft Office LTSC 2021, and Microsoft 365 Apps for Enterprise because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior <p><strong>Why is this AutoDesk CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in AutoDesk software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio AutoDesk Yes CVE-2023-27910 11600 12051 11935 11969 12129 10566 10577 12187 Information Disclosure 11600 Information Disclosure 12051 Information Disclosure 11935 Information Disclosure 11969 Information Disclosure 12129 Information Disclosure 10566 Information Disclosure 10577 Information Disclosure 12187 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 10566 Important 10577 Important 12187 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.55 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.27 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes 5026454 https://aka.ms/vs/12/release/5026454 10566 Maybe Security Update 12.0.40702.0 https://support.microsoft.com/help/5026454 10566 5026454 5026455 https://aka.ms/vs/14/release/5026455 10577 Maybe Security Update 14.0.27554.0 https://support.microsoft.com/help/5026455 10577 5026455 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes HAO LI of VenusTech ADLab 1.0 2023-06-13T07:00:00 <p>Information published.</p> AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior <p><strong>Why is this AutoDesk CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio AutoDesk Yes CVE-2023-27909 Heap-based Buffer Overflow 11573 11574 11762 11763 11952 11953 11600 12051 11935 11969 12129 10566 10577 12187 11760 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 12129 Remote Code Execution 10566 Remote Code Execution 10577 Remote Code Execution 12187 Remote Code Execution 11760 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 10566 Important 10577 Important 12187 Important 11760 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.55 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.16 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.27 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes 5026454 https://aka.ms/vs/12/release/5026454 10566 Maybe Security Update 12.0.40702.0 https://support.microsoft.com/help/5026454 10566 5026454 5026455 https://aka.ms/vs/14/release/5026455 10577 Maybe Security Update 14.0.27554.0 https://support.microsoft.com/help/5026455 10577 5026455 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Maybe Security Update 7.2306.12012.0 https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Release Notes keqi hu HAO LI of VenusTech ADLab Anonymous Anonymous working with Trend Micro Zero Day Initiative 1.0 2023-06-13T07:00:00 <p>Information published.</p> 2.0 2023-09-14T07:00:00 <p>In the Security Updates table, added all supported versions of 3D Viewer, Microsoft Office 2019, Microsoft Office LTSC 2021, and Microsoft 365 Apps for Enterprise because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability <p><strong>Is the update for YARP 2.0 currently available?</strong></p> <p>The security update for YARP 2.0 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.</p> ASP.NET Microsoft Yes CVE-2023-33141 Uncontrolled Resource Consumption 12029 12188 Denial of Service 12029 Denial of Service 12188 Important 12029 Important 12188 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12029 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12188 Release Notes https://www.nuget.org/packages/Yarp.ReverseProxy/1.1.2 12029 Maybe Security Update 1.1.2 https://github.com/microsoft/reverse-proxy/security/advisories/GHSA-jrjw-qgr2-wfcg 12029 Release Notes Release Notes https://www.nuget.org/packages/Yarp.ReverseProxy/2.0.1 12188 Maybe Security Update 2.0.1 https://github.com/microsoft/reverse-proxy/security/advisories/GHSA-jrjw-qgr2-wfcg 12188 Release Notes 1.0 2023-06-13T07:00:00 <p>Information published.</p> 1.1 2023-06-14T07:00:00 <p>FAQ added to explain that the YARP 2.0 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.</p> 2.0 2023-06-22T07:00:00 <p>The following revisions have been made in the Security Updates table: 1) Added YARP 1.0 as it is also affected by this vulnerability and an update is available. 2) The security update for YARP 2.0 is now available. Customers running these affected versions of YARP should install the update for their product to be protected from this vulnerability.</p> Microsoft SharePoint Server Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability would be able to create a list or document library in the targeted SharePoint site.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to a major loss of integrity (I:H) but no loss of confidentiality (C:N), or have any effect on availability (A:N). How could an attacker affect the SharePoint site?</strong></p> <p>An attacker who successfully exploited this vulnerability could create a list or document library in the targeted SharePoint site thus affecting the integrity. However, an attacker could not edit or delete a list or document library from the SharePoint site.</p> <p><strong>I am running SharePoint Server 2019 and there are multiple updates available. Do I need to install all the updates listed in the Security Updates table for these versions?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-33142 Improper Authorization 11585 11961 Elevation of Privilege 11585 Elevation of Privilege 11961 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11585 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11961 5002402 https://www.microsoft.com/download/details.aspx?familyid=254d91bb-b6b7-4668-b1c1-0045f769ba14 5002389 11585 Maybe Security Update 16.0.10399.20005 https://support.microsoft.com/help/5002402 11585 5002402 5002403 https://www.microsoft.com/download/details.aspx?familyid=ce540046-c17e-4999-9015-a7c0c4b345fd 5002330 11585 Maybe Security Update 16.0.10399.20005 https://support.microsoft.com/help/5002403 11585 5002403 5002416 https://www.microsoft.com/download/details.aspx?familyid=d5afe0e7-7490-485f-82e4-da5a385658b8 5002390 11961 Maybe Security Update 16.0.16130.20548 https://support.microsoft.com/help/5002416 11961 5002416 Anonymous 1.0 2023-06-13T07:00:00 <p>Information published.</p> 1.1 2023-06-19T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Visual Studio Code Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker would have to send the victim a malicious file that the victim would have to open with Visual Studio Code.</p> Visual Studio Code Microsoft Yes CVE-2023-33144 Relative Path Traversal 11622 Spoofing 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/Download 11622 Maybe Security Update 1.79 https://code.visualstudio.com/updates/v1_79 11622 Release Notes <a href="https://twitter.com/justinsteven">Justin Steven</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, cryptographic nonces, and other sensitive information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-33145 11655 Information Disclosure 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 114.0.1823.51 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://twitter.com/shhnjk">Jun Kokatsu</a> 1.0 2023-06-13T07:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 Mariner security-advisories@github.com Yes CVE-2023-31124 12137 12138 12137 12138 12137 12138 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 12137 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 12138 c-ares 12137 c-ares-1.19.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 c-ares-devel-1.19.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 c-ares-debuginfo-1.19.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.19.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 12137 c-ares c-ares 12138 c-ares-1.19.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 c-ares-devel-1.19.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 c-ares-debuginfo-1.19.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.19.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 12138 c-ares 1.0 2023-06-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-28772 https://nvd.nist.gov/vuln/detail/CVE-2023-28772 Mariner cve@mitre.org Yes CVE-2023-28772 12137 12138 12137 12138 12137 12138 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12137 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12137 kernel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-28772 12137 kernel kernel 12138 kernel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-28772 12138 kernel 1.0 2023-03-30T00:00:00 <p>Information published.</p> 1.1 2023-06-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-46457 https://nvd.nist.gov/vuln/detail/CVE-2022-46457 https://nvd.nist.gov/vuln/detail/CVE-2022-46457 Mariner cve@mitre.org Yes CVE-2022-46457 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 nasm 12139 nasm-2.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nasm-debuginfo-2.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.16-1 https://nvd.nist.gov/vuln/detail/CVE-2022-46457 12139 nasm nasm 12140 12138 CBL-Mariner 2.16-1 https://nvd.nist.gov/vuln/detail/CVE-2022-46457 12140 12138 nasm nasm 12137 nasm-2.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nasm-debuginfo-2.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.16-1 https://nvd.nist.gov/vuln/detail/CVE-2022-46457 12137 nasm 1.0 2023-01-12T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-44370 https://nvd.nist.gov/vuln/detail/CVE-2022-44370 https://nvd.nist.gov/vuln/detail/CVE-2022-44370 Mariner cve@mitre.org Yes CVE-2022-44370 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12138 nasm 12139 nasm-2.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nasm-debuginfo-2.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.16-1 https://nvd.nist.gov/vuln/detail/CVE-2022-44370 12139 nasm nasm 12140 12138 CBL-Mariner 2.16-1 https://nvd.nist.gov/vuln/detail/CVE-2022-44370 12140 12138 nasm nasm 12137 nasm-2.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nasm-debuginfo-2.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.16-1 https://nvd.nist.gov/vuln/detail/CVE-2022-44370 12137 nasm 1.0 2023-04-05T00:00:00 <p>Information published.</p> 1.1 2023-04-03T00:00:00 <p>Information published.</p> 1.2 2023-06-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-30612 https://nvd.nist.gov/vuln/detail/CVE-2023-30612 Mariner security-advisories@github.com Yes CVE-2023-30612 12139 12140 12139 12140 12139 12140 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12139 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12140 cloud-hypervisor 12139 cloud-hypervisor-31.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 31.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-30612 12139 cloud-hypervisor cloud-hypervisor 12140 CBL-Mariner 31.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-30612 12140 cloud-hypervisor 1.0 2023-04-25T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-32269 https://nvd.nist.gov/vuln/detail/CVE-2023-32269 https://nvd.nist.gov/vuln/detail/CVE-2023-32269 https://nvd.nist.gov/vuln/detail/CVE-2023-32269 Mariner cve@mitre.org Yes CVE-2023-32269 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12139 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12140 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12137 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12139 kernel-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.112.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-32269 12139 kernel kernel 12140 kernel-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.112.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-32269 12140 kernel kernel 12137 kernel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-32269 12137 kernel kernel 12138 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-32269 12138 kernel 1.0 2023-05-12T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-32233 https://nvd.nist.gov/vuln/detail/CVE-2023-32233 https://nvd.nist.gov/vuln/detail/CVE-2023-32233 https://nvd.nist.gov/vuln/detail/CVE-2023-32233 Mariner cve@mitre.org Yes CVE-2023-32233 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12139 kernel-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.112.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.112.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-32233 12139 kernel kernel 12140 kernel-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.112.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.112.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-32233 12140 kernel kernel 12137 kernel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-32233 12137 kernel kernel 12138 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-32233 12138 kernel 1.0 2023-05-16T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-31490 https://nvd.nist.gov/vuln/detail/CVE-2023-31490 Mariner cve@mitre.org Yes CVE-2023-31490 12139 12140 12139 12140 12139 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 frr 12139 frr-8.5.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 frr-debuginfo-8.5.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.5.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-31490 12139 frr frr 12140 frr-8.5.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 frr-debuginfo-8.5.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.5.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-31490 12140 frr 1.0 2023-05-17T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 Mariner secalert@redhat.com Yes CVE-2023-2731 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 libtiff 12139 libtiff-4.5.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-3 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 12139 libtiff libtiff 12140 libtiff-4.5.0-3.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-3.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-3 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 12140 libtiff libtiff 12137 libtiff-4.5.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-3 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 12137 libtiff libtiff 12138 CBL-Mariner 4.5.0-3 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 12138 libtiff 1.0 2023-05-23T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-33204 https://nvd.nist.gov/vuln/detail/CVE-2023-33204 Mariner cve@mitre.org Yes CVE-2023-33204 12139 12140 12139 12140 12139 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 sysstat 12139 sysstat-12.7.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 sysstat-debuginfo-12.7.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 12.7.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-33204 12139 sysstat sysstat 12140 sysstat-12.7.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 sysstat-debuginfo-12.7.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 12.7.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-33204 12140 sysstat 1.0 2023-05-26T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-1859 https://nvd.nist.gov/vuln/detail/CVE-2023-1859 https://nvd.nist.gov/vuln/detail/CVE-2023-1859 https://nvd.nist.gov/vuln/detail/CVE-2023-1859 Mariner secalert@redhat.com Yes CVE-2023-1859 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-1859 12137 kernel kernel 12138 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-1859 12138 kernel kernel 12139 kernel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-1859 12139 kernel kernel 12140 kernel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-1859 12140 kernel 1.0 2023-05-26T00:00:00 <p>Information published.</p> 1.1 2023-06-13T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-33288 https://nvd.nist.gov/vuln/detail/CVE-2023-33288 Mariner cve@mitre.org Yes CVE-2023-33288 12137 12138 12137 12138 12137 12138 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 kernel 12137 kernel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-33288 12137 kernel kernel 12138 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-33288 12138 kernel 1.0 2023-05-26T00:00:00 <p>Information published.</p> 1.1 2023-06-13T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-33203 https://nvd.nist.gov/vuln/detail/CVE-2023-33203 Mariner cve@mitre.org Yes CVE-2023-33203 12137 12138 12137 12138 12137 12138 6.4 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12137 6.4 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12137 kernel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-33203 12137 kernel kernel 12138 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-33203 12138 kernel 1.0 2023-05-29T00:00:00 <p>Information published.</p> 1.1 2023-06-13T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-25725 https://nvd.nist.gov/vuln/detail/CVE-2023-25725 https://nvd.nist.gov/vuln/detail/CVE-2023-25725 https://nvd.nist.gov/vuln/detail/CVE-2023-25725 Mariner cve@mitre.org Yes CVE-2023-25725 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 12137 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 12138 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 12139 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 12140 haproxy 12137 haproxy-2.1.5-2.cm1.x86_64.rpm 0001-01-01T00:00:00 haproxy-doc-2.1.5-2.cm1.x86_64.rpm 0001-01-01T00:00:00 haproxy-debuginfo-2.1.5-2.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.1.5-2 https://nvd.nist.gov/vuln/detail/CVE-2023-25725 12137 haproxy haproxy 12138 haproxy-2.1.5-2.cm1.aarch64.rpm 0001-01-01T00:00:00 haproxy-doc-2.1.5-2.cm1.aarch64.rpm 0001-01-01T00:00:00 haproxy-debuginfo-2.1.5-2.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.1.5-2 https://nvd.nist.gov/vuln/detail/CVE-2023-25725 12138 haproxy haproxy 12139 haproxy-2.4.22-1.cm2.x86_64.rpm 0001-01-01T00:00:00 haproxy-doc-2.4.22-1.cm2.x86_64.rpm 0001-01-01T00:00:00 haproxy-debuginfo-2.4.22-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.22-1 https://nvd.nist.gov/vuln/detail/CVE-2023-25725 12139 haproxy haproxy 12140 haproxy-2.4.22-1.cm2.aarch64.rpm 0001-01-01T00:00:00 haproxy-doc-2.4.22-1.cm2.aarch64.rpm 0001-01-01T00:00:00 haproxy-debuginfo-2.4.22-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.22-1 https://nvd.nist.gov/vuln/detail/CVE-2023-25725 12140 haproxy 1.0 2023-02-20T00:00:00 <p>Information published.</p> 1.1 2023-06-28T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-32763 https://nvd.nist.gov/vuln/detail/CVE-2023-32763 https://nvd.nist.gov/vuln/detail/CVE-2023-32763 https://nvd.nist.gov/vuln/detail/CVE-2023-32763 Mariner cve@mitre.org Yes CVE-2023-32763 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 qt5-qtbase 12137 qt5-qtbase-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-common-5.12.11-7.cm1.noarch.rpm 0001-01-01T00:00:00 qt5-qtbase-devel-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-private-devel-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-examples-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-static-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-gui-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-debuginfo-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-7 https://nvd.nist.gov/vuln/detail/CVE-2023-32763 12137 qt5-qtbase qt5-qtbase 12138 qt5-qtbase-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-common-5.12.11-7.cm1.noarch.rpm 0001-01-01T00:00:00 qt5-qtbase-devel-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-private-devel-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-examples-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-static-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-gui-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-debuginfo-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-7 https://nvd.nist.gov/vuln/detail/CVE-2023-32763 12138 qt5-qtbase qt5-qtbase 12139 qt5-qtbase-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-common-5.15.9-1.cm2.noarch.rpm 0001-01-01T00:00:00 qt5-qtbase-devel-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-private-devel-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-examples-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-static-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-gui-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-debuginfo-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-8 https://nvd.nist.gov/vuln/detail/CVE-2023-32763 12139 qt5-qtbase qt5-qtbase 12140 qt5-qtbase-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-common-5.15.9-1.cm2.noarch.rpm 0001-01-01T00:00:00 qt5-qtbase-devel-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-private-devel-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-examples-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-static-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-gui-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-debuginfo-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-8 https://nvd.nist.gov/vuln/detail/CVE-2023-32763 12140 qt5-qtbase 1.0 2023-05-29T00:00:00 <p>Information published.</p> 1.1 2023-06-28T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-32762 https://nvd.nist.gov/vuln/detail/CVE-2023-32762 https://nvd.nist.gov/vuln/detail/CVE-2023-32762 https://nvd.nist.gov/vuln/detail/CVE-2023-32762 Mariner cve@mitre.org Yes CVE-2023-32762 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12137 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12138 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12139 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12140 qt5-qtbase 12137 qt5-qtbase-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-common-5.12.11-7.cm1.noarch.rpm 0001-01-01T00:00:00 qt5-qtbase-devel-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-private-devel-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-examples-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-static-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-gui-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-debuginfo-5.12.11-7.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-7 https://nvd.nist.gov/vuln/detail/CVE-2023-32762 12137 qt5-qtbase qt5-qtbase 12138 qt5-qtbase-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-common-5.12.11-7.cm1.noarch.rpm 0001-01-01T00:00:00 qt5-qtbase-devel-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-private-devel-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-examples-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-static-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-gui-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-debuginfo-5.12.11-7.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-7 https://nvd.nist.gov/vuln/detail/CVE-2023-32762 12138 qt5-qtbase qt5-qtbase 12139 qt5-qtbase-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-common-5.15.9-1.cm2.noarch.rpm 0001-01-01T00:00:00 qt5-qtbase-devel-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-private-devel-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-examples-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-static-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-gui-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-debuginfo-5.15.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-8 https://nvd.nist.gov/vuln/detail/CVE-2023-32762 12139 qt5-qtbase qt5-qtbase 12140 qt5-qtbase-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-common-5.15.9-1.cm2.noarch.rpm 0001-01-01T00:00:00 qt5-qtbase-devel-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-private-devel-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-examples-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-static-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-gui-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-debuginfo-5.15.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-8 https://nvd.nist.gov/vuln/detail/CVE-2023-32762 12140 qt5-qtbase 1.0 2023-05-30T00:00:00 <p>Information published.</p> 1.1 2023-05-31T00:00:00 <p>Added qt5-qtbase to CBL-Mariner 2.0</p> 1.2 2023-06-28T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-0459 https://nvd.nist.gov/vuln/detail/CVE-2023-0459 https://nvd.nist.gov/vuln/detail/CVE-2023-0459 https://nvd.nist.gov/vuln/detail/CVE-2023-0459 Mariner security@google.com Yes CVE-2023-0459 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12140 kernel 12137 kernel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-0459 12137 kernel kernel 12138 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-0459 12138 kernel kernel 12139 kernel-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-0459 12139 kernel kernel 12140 kernel-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-0459 12140 kernel 1.0 2023-06-02T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 Mariner security-advisories@github.com Yes CVE-2023-32681 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 6.1 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 12137 6.1 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 12138 6.1 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 12139 6.1 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 12140 python-requests 12137 12138 python-requests-2.22.0-3.cm1.noarch.rpm 0001-01-01T00:00:00 python3-requests-2.22.0-3.cm1.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 2.22.0-3 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 12137 12138 python-requests python-requests 12139 12140 python3-requests-2.27.1-6.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 2.27.1-6 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 12139 12140 python-requests 1.0 2023-06-03T00:00:00 <p>Information published.</p> 1.1 2023-06-05T00:00:00 <p>Added python-requests to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2023-34256 https://nvd.nist.gov/vuln/detail/CVE-2023-34256 https://nvd.nist.gov/vuln/detail/CVE-2023-34256 https://nvd.nist.gov/vuln/detail/CVE-2023-34256 Mariner cve@mitre.org Yes CVE-2023-34256 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 kernel 12139 kernel-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-34256 12139 kernel kernel 12140 kernel-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-34256 12140 kernel kernel 12137 kernel-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.183.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-34256 12137 kernel kernel 12138 kernel-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.183.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-34256 12138 kernel 1.0 2023-06-08T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-44964 https://nvd.nist.gov/vuln/detail/CVE-2021-44964 Mariner cve@mitre.org Yes CVE-2021-44964 12139 12140 12139 12140 12139 12140 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H 12139 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H 12140 lua 12139 lua-5.4.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 lua-devel-5.4.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 lua-libs-5.4.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 lua-static-5.4.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 lua-debuginfo-5.4.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.4.4-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44964 12139 lua lua 12140 lua-5.4.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 lua-devel-5.4.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 lua-libs-5.4.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 lua-static-5.4.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 lua-debuginfo-5.4.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.4.4-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44964 12140 lua 1.0 2022-03-21T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-29194 https://nvd.nist.gov/vuln/detail/CVE-2023-29194 Mariner security-advisories@github.com Yes CVE-2023-29194 12139 12140 12139 12140 12139 12140 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 12139 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 12140 vitess 12139 vitess-16.0.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 vitess-debuginfo-16.0.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.0.2-1 https://nvd.nist.gov/vuln/detail/CVE-2023-29194 12139 vitess vitess 12140 vitess-16.0.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 vitess-debuginfo-16.0.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.0.2-1 https://nvd.nist.gov/vuln/detail/CVE-2023-29194 12140 vitess 1.0 2023-04-25T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-29195 https://nvd.nist.gov/vuln/detail/CVE-2023-29195 Mariner security-advisories@github.com Yes CVE-2023-29195 12139 12140 12139 12140 12139 12140 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 12139 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 12140 vitess 12139 vitess-16.0.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 vitess-debuginfo-16.0.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.0.2-1 https://nvd.nist.gov/vuln/detail/CVE-2023-29195 12139 vitess vitess 12140 vitess-16.0.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 vitess-debuginfo-16.0.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.0.2-1 https://nvd.nist.gov/vuln/detail/CVE-2023-29195 12140 vitess 1.0 2023-05-16T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-10735 https://nvd.nist.gov/vuln/detail/CVE-2020-10735 Mariner secalert@redhat.com Yes CVE-2020-10735 12137 12138 12137 12138 12137 12138 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 python3 12137 python3-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-libs-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-xml-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-curses-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-devel-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-tools-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-pip-3.7.16-1.cm1.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.7.16-1.cm1.noarch.rpm 0001-01-01T00:00:00 python3-test-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.7.16-1 https://nvd.nist.gov/vuln/detail/CVE-2020-10735 12137 python3 python3 12138 CBL-Mariner 3.7.16-1 https://nvd.nist.gov/vuln/detail/CVE-2020-10735 12138 python3 1.0 2023-01-20T00:00:00 <p>Information published.</p> 1.1 2023-06-13T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-4696 https://nvd.nist.gov/vuln/detail/CVE-2022-4696 Mariner security@google.com Yes CVE-2022-4696 12137 12138 12137 12138 12137 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12137 kernel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-4696 12137 kernel kernel 12138 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-4696 12138 kernel 1.0 2023-05-13T00:00:00 <p>Information published.</p> 1.1 2023-06-13T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-1195 https://nvd.nist.gov/vuln/detail/CVE-2023-1195 Mariner secalert@redhat.com Yes CVE-2023-1195 12137 12138 12137 12138 12137 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 kernel 12137 kernel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-1195 12137 kernel kernel 12138 CBL-Mariner 5.10.181.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-1195 12138 kernel 1.0 2023-05-29T00:00:00 <p>Information published.</p> 1.1 2023-06-13T00:00:00 <p>Information published.</p> Windows Hyper-V Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> Windows Hyper-V Microsoft Yes CVE-2023-32013 Uncontrolled Resource Consumption 11569 11571 11572 11923 11924 11926 11927 11931 12085 12086 12097 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5027222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 5026362 11569 11571 11572 Yes Security Update 10.0.17763.4499 https://support.microsoft.com/help/5027222 11569 11571 11572 5027222 5027222 https://support.microsoft.com/help/5027222 11569 11571 11572 5027225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225 5026370 11923 11924 Yes Security Update 10.0.20348.1787 https://support.microsoft.com/help/5027225 11923 11924 5027225 5027225 https://support.microsoft.com/help/5027225 11923 11924 5027319 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027319 11923 11924 Yes Security Hotpatch Update 10.0.20348.1784 https://support.microsoft.com/help/5027319 11923 11924 5027319 5027223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027223 5026368 11926 11927 Yes Security Update 10.0.22000.2057 https://support.microsoft.com/help/5027223 11926 11927 5027223 5027223 https://support.microsoft.com/help/5027223 11926 11927 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 11931 Yes Security Update 10.0.19044.3086 https://support.microsoft.com/help/5027215 11931 5027215 5027215 https://support.microsoft.com/help/5027215 11931 12097 5027231 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027231 5026372 12085 12086 Yes Security Update 10.0.22621.1848 https://support.microsoft.com/help/5027231 12085 12086 5027231 5027231 https://support.microsoft.com/help/5027231 12085 12086 5027215 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027215 5026361 12097 Yes Security Update 10.0.19045.3086 https://support.microsoft.com/help/5027215 12097 5027215 Maxime Villard, of M.O.R.S.E. 1.0 2023-06-13T07:00:00 <p>Information published.</p>