November 2023 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2023-Nov 2023-Nov Final 1.0 98 2026-02-21T03:39:10 November 2023 Security Updates 2023-11-14T08:00:00 2026-02-21T03:39:10 <h2 id="this-release-consists-of-the-following-63-microsoft-cves">This release consists of the following 63 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Microsoft Dynamics</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36007">CVE-2023-36007</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36014">CVE-2023-36014</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36016">CVE-2023-36016</a></td> <td>6.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Scripting</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36017">CVE-2023-36017</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Code</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36018">CVE-2023-36018</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36021">CVE-2023-36021</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36022">CVE-2023-36022</a></td> <td>6.6</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36024">CVE-2023-36024</a></td> <td>7.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SmartScreen</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36025">CVE-2023-36025</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36027">CVE-2023-36027</a></td> <td>7.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Protected EAP (PEAP)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36028">CVE-2023-36028</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36029">CVE-2023-36029</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:T/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics 365 Sales</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36030">CVE-2023-36030</a></td> <td>6.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36031">CVE-2023-36031</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36033">CVE-2023-36033</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36034">CVE-2023-36034</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36035">CVE-2023-36035</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36036">CVE-2023-36036</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36037">CVE-2023-36037</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>ASP.NET</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36038">CVE-2023-36038</a></td> <td>8.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36039">CVE-2023-36039</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36041">CVE-2023-36041</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36042">CVE-2023-36042</a></td> <td>6.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Open Management Infrastructure</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36043">CVE-2023-36043</a></td> <td>6.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:T/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36045">CVE-2023-36045</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Authentication Methods</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36046">CVE-2023-36046</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Authentication Methods</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36047">CVE-2023-36047</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET Framework</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36049">CVE-2023-36049</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36050">CVE-2023-36050</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36052">CVE-2023-36052</a></td> <td>8.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DHCP Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36392">CVE-2023-36392</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Tablet Windows User Interface</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36393">CVE-2023-36393</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Search Component</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36394">CVE-2023-36394</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Deployment Services</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36395">CVE-2023-36395</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Compressed Folder</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36396">CVE-2023-36396</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Internet Connection Sharing (ICS)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36397">CVE-2023-36397</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36398">CVE-2023-36398</a></td> <td>6.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Storage</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36399">CVE-2023-36399</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows HMAC Key Derivation</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36400">CVE-2023-36400</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Remote Registry Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36401">CVE-2023-36401</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36402">CVE-2023-36402</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36403">CVE-2023-36403</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36404">CVE-2023-36404</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36405">CVE-2023-36405</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36406">CVE-2023-36406</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36407">CVE-2023-36407</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36408">CVE-2023-36408</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36410">CVE-2023-36410</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36413">CVE-2023-36413</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Defender</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36422">CVE-2023-36422</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Remote Registry Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36423">CVE-2023-36423</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Common Log File System Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36424">CVE-2023-36424</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Distributed File System (DFS)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36425">CVE-2023-36425</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36427">CVE-2023-36427</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Authentication Methods</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36428">CVE-2023-36428</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure DevOps</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36437">CVE-2023-36437</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36439">CVE-2023-36439</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>ASP.NET</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36558">CVE-2023-36558</a></td> <td>6.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>ASP.NET</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36560">CVE-2023-36560</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Installer</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36705">CVE-2023-36705</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Speech</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36719">CVE-2023-36719</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38151">CVE-2023-38151</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38177">CVE-2023-38177</a></td> <td>6.1</td> <td>CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-15-non-microsoft-cves">We are republishing 15 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Mitre</td> <td>Microsoft Bluetooth Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24023">CVE-2023-24023</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5480">CVE-2023-5480</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5482">CVE-2023-5482</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5849">CVE-2023-5849</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5850">CVE-2023-5850</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5851">CVE-2023-5851</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5852">CVE-2023-5852</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5853">CVE-2023-5853</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5854">CVE-2023-5854</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5855">CVE-2023-5855</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5856">CVE-2023-5856</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5857">CVE-2023-5857</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5858">CVE-2023-5858</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5859">CVE-2023-5859</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5996">CVE-2023-5996</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5032189">5032189</a></td> <td>Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5032190">5032190</a></td> <td>Windows 11, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5032192">5032192</a></td> <td>Windows 11, version 21H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5032196">5032196</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5032248">5032248</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5032250">5032250</a></td> <td>Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5032252">5032252</a></td> <td>Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5032254">5032254</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft Office LTSC for Mac 2021 Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 11 Version 23H2 for ARM64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft OLE DB Provider for DB2 V7 Host Integration Server 2020 Azure Pipelines Agent az staticwebapp appsettings set az functionapp config appsettings set az staticwebapp appsettings delete az functionapp config appsettings delete az webapp config appsettings delete az webapp config appsettings set az logicapp config appsettings delete az logicapp config appsettings set On-Prem Data Gateway Microsoft Dynamics 365 (on-premises) version 9.1 Send Customer Voice survey from Dynamics 365 app Microsoft Dynamics 365 (on-premises) version 9.0 System Center Operations Manager (SCOM) 2022 System Center Operations Manager (SCOM) 2019 System Center Operations Manager (SCOM) 2016 Windows Defender Antimalware Platform Microsoft Edge (Chromium-based) Microsoft Edge (Chromium-based) Extended Stable Microsoft Edge for Android Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for x64-based Systems Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Visual Studio 2022 version 17.6 Microsoft Visual Studio 2022 version 17.7 Jupyter Extension for Visual Studio Code PowerShell 7.2 PowerShell 7.3 PowerShell 7.4 .NET 6.0 ASP.NET Core 6.0 .NET 7.0 Microsoft Visual Studio 2022 version 17.2 .NET 8.0 Microsoft Visual Studio 2022 version 17.4 ASP.NET Core 7.0 ASP.NET Core 8.0 CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Server 2019 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft Edge (Chromium-based) Microsoft Dynamics 365 (on-premises) version 9.0 Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) Windows Defender Antimalware Platform Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Edge for Android Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition ASP.NET Core 6.0 PowerShell 7.2 .NET 6.0 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Visual Studio 2022 version 17.2 System Center Operations Manager (SCOM) 2016 System Center Operations Manager (SCOM) 2019 System Center Operations Manager (SCOM) 2022 Azure Pipelines Agent Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Jupyter Extension for Visual Studio Code Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Visual Studio 2022 version 17.4 .NET 7.0 PowerShell 7.3 Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for x64-based Systems CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Microsoft Edge (Chromium-based) Extended Stable Microsoft Visual Studio 2022 version 17.6 Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft Visual Studio 2022 version 17.7 ASP.NET Core 7.0 Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Host Integration Server 2020 az webapp config appsettings set az webapp config appsettings delete az logicapp config appsettings set az logicapp config appsettings delete az functionapp config appsettings set az functionapp config appsettings delete az staticwebapp appsettings set az staticwebapp appsettings delete ASP.NET Core 8.0 Microsoft OLE DB Provider for DB2 V7 On-Prem Data Gateway .NET 8.0 Send Customer Voice survey from Dynamics 365 app PowerShell 7.4 Azure Linux 3.0 x64 Azure Linux 3.0 ARM cbl2 kernel 5.15.153.1-1 on CBL Mariner 2.0 cbl2 cloud-hypervisor-cvm 38.0.72.2-1 on CBL Mariner 2.0 azl3 cloud-hypervisor-cvm 38.0.72.2-1 on Azure Linux 3.0 azl3 kernel 6.6.29.1-4 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 haproxy 2.4.24-1 on CBL Mariner 2.0 cbl2 libtiff 4.6.0-3 on CBL Mariner 2.0 cbl2 kernel 5.15.158.2-1 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-9 on CBL Mariner 2.0 cbl2 golang 1.21.6-1 on CBL Mariner 2.0 cbl2 gnutls 3.7.11-1 on CBL Mariner 2.0 cbl2 opensc 0.23.0-4 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 moby-containerd-cc 1.7.7-9 on Azure Linux 3.0 azl3 containerd 1.7.13-8 on Azure Linux 3.0 azl3 avahi 0.8-5 on Azure Linux 3.0 azl3 kernel 6.6.47.1-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 exiv2 0.28.3-1 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl1-1 on Azure Linux 3.0 azl3 ig 0.29.0-1 on Azure Linux 3.0 azl3 kube-vip-cloud-provider 0.0.10-1 on Azure Linux 3.0 azl3 docker-compose 2.27.0-1 on Azure Linux 3.0 azl3 docker-buildx 0.14.0-1 on Azure Linux 3.0 azl3 cri-tools 1.30.1-1 on Azure Linux 3.0 azl3 opensc 0.25.1-3 on Azure Linux 3.0 cbl2 hyperv-daemons 5.15.145.2-1 on CBL Mariner 2.0 azl3 edk2 20230301gitf80f052277c8-37 on Azure Linux 3.0 azl3 python-cryptography 3.3.2-5 on Azure Linux 3.0 cbl2 openssl 1.1.1k-28 on CBL Mariner 2.0 cbl2 edk2 20230301gitf80f052277c8-38 on CBL Mariner 2.0 azl3 openssl 1.1.1k-28 on Azure Linux 3.0 azl3 edk2 20230301gitf80f052277c8-38 on Azure Linux 3.0 cbl2 qemu 6.2.0-21 on CBL Mariner 2.0 azl3 kubernetes 1.29.1-2 on Azure Linux 3.0 cbl2 msft-golang 1.20.11-1 on CBL Mariner 2.0 azl3 python-cryptography 42.0.5-1 on Azure Linux 3.0 cbl2 busybox 1.35.0-11 on CBL Mariner 2.0 azl3 busybox 1.36.1-7 on Azure Linux 3.0 cbl2 busybox 1.35.0-12 on CBL Mariner 2.0 azl3 busybox 1.36.1-9 on Azure Linux 3.0 cbl2 kernel 5.15.143.1-1 on CBL Mariner 2.0 azl3 libtiff 4.6.0-6 on Azure Linux 3.0 cbl2 hyperv-daemons 5.15.143.1-1 on CBL Mariner 2.0 cbl2 fluent-bit 2.1.10-2 on CBL Mariner 2.0 cbl2 python-cryptography 3.3.2-6 on CBL Mariner 2.0 cbl2 packer 1.8.7-1 on CBL Mariner 2.0 azl3 libtiff 4.6.0-3 on Azure Linux 3.0 cbl2 vim 9.0.2121-1 on CBL Mariner 2.0 cbl2 giflib 5.2.1-7 on CBL Mariner 2.0 azl3 giflib 5.2.1-7 on Azure Linux 3.0 cbl2 vim 9.0.2112-1 on CBL Mariner 2.0 cbl2 kubernetes 1.28.4-1 on CBL Mariner 2.0 azl3 kubernetes 1.28.7-2 on Azure Linux 3.0 cbl2 kernel 5.15.138.1-4 on CBL Mariner 2.0 cbl2 opensc 0.23.0-2 on CBL Mariner 2.0 cbl2 moby-containerd-cc 1.7.2-3 on CBL Mariner 2.0 azl3 ig 0.30.0-1 on Azure Linux 3.0 azl3 moby-containerd-cc 1.7.7-3 on Azure Linux 3.0 azl3 containerd 1.7.13-3 on Azure Linux 3.0 cbl2 kernel 5.15.137.1-1 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.137.1-1 on CBL Mariner 2.0 cbl2 avahi 0.8-3 on CBL Mariner 2.0 azl3 avahi 0.8-4 on Azure Linux 3.0 cbl2 kubernetes 1.28.4-5 on CBL Mariner 2.0 cbl2 frr 8.5.3-4 on CBL Mariner 2.0 azl3 frr 9.1-2 on Azure Linux 3.0 cbl2 libtiff 4.6.0-5 on CBL Mariner 2.0 azl3 libtiff 4.6.0-5 on Azure Linux 3.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl0-2 on Azure Linux 3.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 azl3 giflib 5.2.1-10 on Azure Linux 3.0 azl3 kubernetes 1.28.3-2 on Azure Linux 3.0 azl3 kube-vip-cloud-provider 0.0.10-4 on Azure Linux 3.0 azl3 kubernetes 1.30.10-7 on Azure Linux 3.0 cbl2 moby-engine 24.0.9-16 on CBL Mariner 2.0 azl3 etcd 3.5.21-1 on Azure Linux 3.0 azl3 cert-manager 1.12.15-3 on Azure Linux 3.0 cbl2 busybox 1.35.0-13 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 cbl2 hvloader 1.0.1-11 on CBL Mariner 2.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 azl3 moby-engine 25.0.3-13 on Azure Linux 3.0 azl3 nodejs 20.10.0-2 on Azure Linux 3.0 cbl2 cri-o 1.22.3-14 on CBL Mariner 2.0 cbl2 golang 1.17.13-2 on CBL Mariner 2.0 azl3 cloud-hypervisor 37.0-2 on Azure Linux 3.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 azl3 openssl 3.1.4-9 on Azure Linux 3.0 cbl2 moby-engine 24.0.9-16 on CBL Mariner 2.0 cbl2 cloud-hypervisor-cvm 38.0.72-1 on CBL Mariner 2.0 azl3 cloud-hypervisor-cvm 38.0.72-2 on Azure Linux 3.0 azl3 docker-buildx 0.12.1-1 on Azure Linux 3.0 azl3 docker-compose 2.24.6-2 on Azure Linux 3.0 azl3 opensc 0.23.0-1 on Azure Linux 3.0 azl3 busybox 1.36.1-12 on Azure Linux 3.0 azl3 prometheus-adapter 0.11.2-1 on Azure Linux 3.0 azl3 cloud-provider-kubevirt 0.5.1-1 on Azure Linux 3.0 cbl2 busybox 1.35.0-13 on CBL Mariner 2.0 azl3 frr 8.5.3-2 on Azure Linux 3.0 azl3 squid 6.13-1 on Azure Linux 3.0 azl3 kata-containers-cc 3.2.0.azl0-3 on Azure Linux 3.0 cbl2 kata-containers 3.2.0.azl0-2 on CBL Mariner 2.0 azl3 golang 1.24.11-1 on Azure Linux 3.0 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Use-after-free in setup_async_work() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1193 Use After Free 18220-16823 17828-16823 18220-16823 17828-16823 Moderate 18220-16823 Moderate 17828-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18220-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17828-16823 CBL-Mariner Releases 18220-16823 No Security Update 5.15.143.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18220-16823 CBL-Mariner Releases CBL-Mariner Releases 17828-16823 No Security Update 5.15.145.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17828-16823 CBL-Mariner Releases 1.0 2023-11-08T00:00:00 <p>Information published.</p> 1.1 2023-11-10T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> Opensc: potential pin bypass when card tracks its own login state <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-40660 Improper Authentication 17437-16823 17819-17084 19857-17084 17437-16823 17819-17084 19857-17084 Moderate 17437-16823 Moderate 17819-17084 Moderate 19857-17084 6.6 6.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17437-16823 6.6 6.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17819-17084 6.6 6.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19857-17084 CBL-Mariner Releases 17437-16823 No Security Update 0.23.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17437-16823 CBL-Mariner Releases CBL-Mariner Releases 17819-17084 19857-17084 No Security Update 0.25.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17819-17084 19857-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2025-03-04T00:00:00 <p>Added opensc to CBL-Mariner 2.0 Added opensc to Azure Linux 3.0</p> 1.2 2026-02-18T01:19:19 <p>Information published.</p> A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-42365 Use After Free 20038-17086 19943-17084 19516-17086 18180-16823 18181-17084 20038-17086 19943-17084 19516-17086 18180-16823 18181-17084 20038-17086 Moderate 19943-17084 Moderate 19516-17086 Moderate 18180-16823 Moderate 18181-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20038-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19943-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19516-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18180-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18181-17084 CBL-Mariner Releases 20038-17086 19516-17086 18180-16823 No Security Update 1.35.0-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20038-17086 19516-17086 18180-16823 CBL-Mariner Releases CBL-Mariner Releases 19943-17084 18181-17084 No Security Update 1.36.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19943-17084 18181-17084 CBL-Mariner Releases 1.0 2024-08-18T00:00:00 <p>Information published.</p> 1.1 2024-08-25T00:00:00 <p>Information published.</p> 1.2 2024-08-26T00:00:00 <p>Information published.</p> 1.3 2024-08-27T00:00:00 <p>Information published.</p> 1.4 2024-08-28T00:00:00 <p>Information published.</p> 1.5 2024-08-29T00:00:00 <p>Information published.</p> 1.6 2024-08-30T00:00:00 <p>Information published.</p> 1.7 2024-08-31T00:00:00 <p>Information published.</p> 1.8 2024-09-01T00:00:00 <p>Information published.</p> 1.9 2024-09-02T00:00:00 <p>Information published.</p> 2.0 2024-09-03T00:00:00 <p>Information published.</p> 2.1 2024-09-05T00:00:00 <p>Information published.</p> 2.2 2024-09-06T00:00:00 <p>Information published.</p> 2.3 2024-09-07T00:00:00 <p>Information published.</p> 2.4 2024-09-08T00:00:00 <p>Information published.</p> 2.5 2024-09-11T00:00:00 <p>Information published.</p> 3.0 2026-02-18T03:07:36 <p>Information published.</p> Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-4535 Out-of-bounds Read 18254-16823 17819-17084 19857-17084 18254-16823 17819-17084 19857-17084 Low 18254-16823 Low 17819-17084 Low 19857-17084 3.8 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 18254-16823 3.8 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 17819-17084 4.5 4.5 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L 19857-17084 CBL-Mariner Releases 18254-16823 No Security Update 0.23.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18254-16823 CBL-Mariner Releases CBL-Mariner Releases 17819-17084 19857-17084 No Security Update 0.25.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17819-17084 19857-17084 CBL-Mariner Releases 1.2 2026-02-18T01:20:39 <p>Information published.</p> 1.0 2023-11-16T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-47233 Use After Free 17310-16823 17310-16823 Moderate 17310-16823 4.3 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17310-16823 CBL-Mariner Releases 17310-16823 No Security Update 5.15.158.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17310-16823 CBL-Mariner Releases 1.0 2023-11-16T00:00:00 <p>Information published.</p> Use-After-Free in win_close() in vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-48231 Use After Free 18250-16823 18250-16823 Moderate 18250-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18250-16823 CBL-Mariner Releases 18250-16823 No Security Update 9.0.2112-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18250-16823 CBL-Mariner Releases 1.0 2023-11-25T00:00:00 <p>Information published.</p> overflow in ex address parsing in vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-48235 Integer Overflow or Wraparound 18250-16823 18250-16823 Moderate 18250-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18250-16823 CBL-Mariner Releases 18250-16823 No Security Update 9.0.2112-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18250-16823 CBL-Mariner Releases 1.0 2023-11-25T00:00:00 <p>Information published.</p> overflow in shift_line in vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-48237 Integer Overflow or Wraparound 18250-16823 18250-16823 Moderate 18250-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18250-16823 CBL-Mariner Releases 18250-16823 No Security Update 9.0.2112-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18250-16823 CBL-Mariner Releases 1.0 2023-11-21T00:00:00 <p>Information published.</p> Kernel: use after free in nvmet_tcp_free_crypto in nvme <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5178 Use After Free 18253-16823 18260-16823 18253-16823 18260-16823 Important 18253-16823 Important 18260-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18253-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18260-16823 CBL-Mariner Releases 18253-16823 No Security Update 5.15.138.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18253-16823 CBL-Mariner Releases CBL-Mariner Releases 18260-16823 No Security Update 5.15.137.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18260-16823 CBL-Mariner Releases 1.0 2023-11-06T00:00:00 <p>Information published.</p> 1.1 2023-11-10T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> Kernel: the nfta_inner_num and nfta_expr_name netlink attributes accessed without checking its presence in nft_inner.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5972 NULL Pointer Dereference 18236-16823 18236-16823 Important 18236-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18236-16823 CBL-Mariner Releases 18236-16823 No Security Update 5.15.143.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18236-16823 CBL-Mariner Releases 1.0 2023-12-05T00:00:00 <p>Information published.</p> Gnutls: timing side-channel in the rsa-psk authentication <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5981 Observable Discrepancy 17380-16823 17380-16823 Moderate 17380-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17380-16823 CBL-Mariner Releases 17380-16823 No Security Update 3.7.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17380-16823 CBL-Mariner Releases 1.0 2024-11-01T00:00:00 <p>Information published.</p> Use-after-free in Linux kernel's netfilter: nf_tables component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-6111 Use After Free 18236-16823 17062-17084 17651-17084 18236-16823 17062-17084 17651-17084 Important 18236-16823 Important 17062-17084 Important 17651-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18236-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17062-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17651-17084 CBL-Mariner Releases 18236-16823 No Security Update 5.15.143.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18236-16823 CBL-Mariner Releases CBL-Mariner Releases 17062-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17062-17084 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 No Security Update 6.6.29.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 CBL-Mariner Releases 1.0 2023-12-12T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-19T01:10:53 <p>Information published.</p> Libtiff: out-of-memory in tiffopen via a craft file <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6277 Uncontrolled Resource Consumption 18229-17084 17258-16823 18246-17084 18229-17084 17258-16823 18246-17084 Moderate 18229-17084 Moderate 17258-16823 Moderate 18246-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18229-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17258-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18246-17084 CBL-Mariner Releases 18229-17084 17258-16823 18246-17084 No Security Update 4.6.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18229-17084 17258-16823 18246-17084 CBL-Mariner Releases 3.2 2024-12-03T00:00:00 <p>Added libtiff to CBL-Mariner 2.0 Added libtiff to Azure Linux 3.0</p> 1.0 2024-08-18T00:00:00 <p>Information published.</p> 1.1 2024-08-19T00:00:00 <p>Information published.</p> 1.2 2024-08-20T00:00:00 <p>Information published.</p> 1.3 2024-08-21T00:00:00 <p>Information published.</p> 1.4 2024-08-22T00:00:00 <p>Information published.</p> 1.5 2024-08-23T00:00:00 <p>Information published.</p> 1.6 2024-08-24T00:00:00 <p>Information published.</p> 1.7 2024-08-25T00:00:00 <p>Information published.</p> 1.8 2024-08-26T00:00:00 <p>Information published.</p> 1.9 2024-08-27T00:00:00 <p>Information published.</p> 2.0 2024-08-28T00:00:00 <p>Information published.</p> 2.1 2024-08-29T00:00:00 <p>Information published.</p> 2.2 2024-08-30T00:00:00 <p>Information published.</p> 2.3 2024-08-31T00:00:00 <p>Information published.</p> 2.4 2024-09-01T00:00:00 <p>Information published.</p> 2.5 2024-09-02T00:00:00 <p>Information published.</p> 2.6 2024-09-03T00:00:00 <p>Information published.</p> 2.7 2024-09-05T00:00:00 <p>Information published.</p> 2.8 2024-09-06T00:00:00 <p>Information published.</p> 2.9 2024-09-07T00:00:00 <p>Information published.</p> 3.0 2024-09-08T00:00:00 <p>Information published.</p> 3.1 2024-09-11T00:00:00 <p>Information published.</p> 3.3 2026-02-19T01:20:09 <p>Information published.</p> Incorrect detection of reserved device names on Windows in path/filepath <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-45284 19778-17086 19712-17086 17667-17084 19697-17084 17375-16823 18315-17084 19785-17086 19668-17086 19693-17084 20750-17084 19778-17086 19712-17086 17667-17084 19697-17084 17375-16823 18315-17084 19785-17086 19668-17086 19693-17084 20750-17084 Moderate 19778-17086 Moderate 19712-17086 Moderate 17667-17084 Moderate 19697-17084 Moderate 17375-16823 Moderate 18315-17084 Moderate 19785-17086 Moderate 19668-17086 Moderate 19693-17084 Moderate 20750-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19778-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19712-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17667-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19697-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17375-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 18315-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19785-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19668-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19693-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 20750-17084 CBL-Mariner Releases 19778-17086 19785-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases 2.0 2025-12-12T01:03:18 <p>Information published.</p> 2.1 2026-02-18T02:47:02 <p>Information published.</p> 1.0 2025-09-04T00:55:21 <p>Information published.</p> Reachable assertion in avahi_dns_packet_append_record <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-38469 Reachable Assertion 17556-17084 18261-16823 18262-17084 17556-17084 18261-16823 18262-17084 Moderate 17556-17084 Moderate 18261-16823 Moderate 18262-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17556-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18261-16823 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18262-17084 CBL-Mariner Releases 17556-17084 18262-17084 No Security Update 0.8-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17556-17084 18262-17084 CBL-Mariner Releases CBL-Mariner Releases 18261-16823 No Security Update 0.8-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18261-16823 CBL-Mariner Releases 1.0 2024-12-13T00:00:00 <p>Information published.</p> 2.0 2024-12-27T00:00:00 <p>Information published.</p> 2.1 2026-02-18T14:59:32 <p>Information published.</p> Reachable assertion in avahi_escape_label <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-38470 Reachable Assertion 18261-16823 18262-17084 17556-17084 18261-16823 18262-17084 17556-17084 Moderate 18261-16823 Moderate 18262-17084 Moderate 17556-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18261-16823 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18262-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17556-17084 CBL-Mariner Releases 18261-16823 No Security Update 0.8-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18261-16823 CBL-Mariner Releases CBL-Mariner Releases 18262-17084 17556-17084 No Security Update 0.8-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18262-17084 17556-17084 CBL-Mariner Releases 2.1 2026-02-18T14:59:56 <p>Information published.</p> 1.0 2024-12-13T00:00:00 <p>Information published.</p> 2.0 2024-12-27T00:00:00 <p>Information published.</p> Reachable assertion in avahi_alternative_host_name <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-38473 Reachable Assertion 18261-16823 18262-17084 17556-17084 18261-16823 18262-17084 17556-17084 Moderate 18261-16823 Moderate 18262-17084 Moderate 17556-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18261-16823 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18262-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17556-17084 CBL-Mariner Releases 18261-16823 No Security Update 0.8-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18261-16823 CBL-Mariner Releases CBL-Mariner Releases 18262-17084 17556-17084 No Security Update 0.8-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18262-17084 17556-17084 CBL-Mariner Releases 2.0 2024-12-27T00:00:00 <p>Information published.</p> 2.1 2026-02-18T15:01:08 <p>Information published.</p> 1.0 2024-12-13T00:00:00 <p>Information published.</p> Out-of-bounds write in exiv2 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-44398 Out-of-bounds Write 17692-17084 17692-17084 Important 17692-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17692-17084 CBL-Mariner Releases 17692-17084 No Security Update 0.28.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17692-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> Squid: dos against http and https <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5824 Improper Handling of Exceptional Conditions 20164-17084 20164-17084 Important 20164-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20164-17084 CBL-Mariner Releases 20164-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20164-17084 CBL-Mariner Releases 1.1 2026-02-21T03:37:13 <p>Information published.</p> 1.0 2025-09-03T22:25:30 <p>Information published.</p> Squid: denial of service in http digest authentication <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-46847 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 20164-17084 20164-17084 Important 20164-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 20164-17084 CBL-Mariner Releases 20164-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20164-17084 CBL-Mariner Releases 1.0 2025-09-03T22:27:21 <p>Information published.</p> 1.1 2026-02-21T03:39:10 <p>Information published.</p> An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-45857 Cross-Site Request Forgery (CSRF) 19693-17084 19693-17084 Moderate 19693-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 19693-17084 1.0 2025-09-03T22:38:03 <p>Information published.</p> 1.1 2026-02-18T03:09:19 <p>Information published.</p> Use-after-free in smb2_is_status_io_timeout() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1192 Use After Free 18259-16823 18259-16823 Moderate 18259-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18259-16823 CBL-Mariner Releases 18259-16823 No Security Update 5.15.137.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18259-16823 CBL-Mariner Releases 1.0 2023-11-10T00:00:00 <p>Information published.</p> Use-after-free in parse_lease_state() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1194 Out-of-bounds Read 18220-16823 18220-16823 Important 18220-16823 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18220-16823 CBL-Mariner Releases 18220-16823 No Security Update 5.15.143.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18220-16823 CBL-Mariner Releases 1.0 2023-11-14T00:00:00 <p>Information published.</p> Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-39198 Use After Free 18253-16823 18253-16823 Moderate 18253-16823 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 18253-16823 CBL-Mariner Releases 18253-16823 No Security Update 5.15.138.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18253-16823 CBL-Mariner Releases 1.0 2023-11-17T00:00:00 <p>Information published.</p> Opensc: multiple memory issues with pkcs15-init (enrollment tool) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-40661 Improper Restriction of Operations within the Bounds of a Memory Buffer 19857-17084 17819-17084 19857-17084 17819-17084 Moderate 19857-17084 Moderate 17819-17084 6.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 19857-17084 6.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 17819-17084 CBL-Mariner Releases 19857-17084 17819-17084 No Security Update 0.25.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19857-17084 17819-17084 CBL-Mariner Releases 2.1 2026-02-18T01:20:00 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added opensc to CBL-Mariner 2.0 Added opensc to Azure Linux 3.0</p> A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-42363 Use After Free 20038-17086 19943-17084 19516-17086 18180-16823 18181-17084 20038-17086 19943-17084 19516-17086 18180-16823 18181-17084 20038-17086 Moderate 19943-17084 Moderate 19516-17086 Moderate 18180-16823 Moderate 18181-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20038-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19943-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19516-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18180-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18181-17084 CBL-Mariner Releases 20038-17086 19516-17086 18180-16823 No Security Update 1.35.0-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20038-17086 19516-17086 18180-16823 CBL-Mariner Releases CBL-Mariner Releases 19943-17084 18181-17084 No Security Update 1.36.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19943-17084 18181-17084 CBL-Mariner Releases 3.0 2026-02-18T02:45:44 <p>Information published.</p> 1.0 2024-08-18T00:00:00 <p>Information published.</p> 1.1 2024-08-25T00:00:00 <p>Information published.</p> 1.2 2024-08-26T00:00:00 <p>Information published.</p> 1.3 2024-08-27T00:00:00 <p>Information published.</p> 1.4 2024-08-28T00:00:00 <p>Information published.</p> 1.5 2024-08-29T00:00:00 <p>Information published.</p> 1.6 2024-08-30T00:00:00 <p>Information published.</p> 1.7 2024-08-31T00:00:00 <p>Information published.</p> 1.8 2024-09-01T00:00:00 <p>Information published.</p> 1.9 2024-09-02T00:00:00 <p>Information published.</p> 2.0 2024-09-03T00:00:00 <p>Information published.</p> 2.1 2024-09-05T00:00:00 <p>Information published.</p> 2.2 2024-09-06T00:00:00 <p>Information published.</p> 2.3 2024-09-07T00:00:00 <p>Information published.</p> 2.4 2024-09-08T00:00:00 <p>Information published.</p> 2.5 2024-09-11T00:00:00 <p>Information published.</p> A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner MITRE Yes CVE-2023-42366 19943-17084 19516-17086 18182-16823 18183-17084 20038-17086 19943-17084 19516-17086 18182-16823 18183-17084 20038-17086 Moderate 19943-17084 Moderate 19516-17086 Moderate 18182-16823 Moderate 18183-17084 20038-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19943-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19516-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18182-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18183-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20038-17086 CBL-Mariner Releases 19943-17084 18183-17084 No Security Update 1.36.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19943-17084 18183-17084 CBL-Mariner Releases CBL-Mariner Releases 19516-17086 18182-16823 20038-17086 No Security Update 1.35.0-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19516-17086 18182-16823 20038-17086 CBL-Mariner Releases 2.0 2026-02-18T03:06:28 <p>Information published.</p> 1.0 2024-11-20T00:00:00 <p>Information published.</p> 1.1 2024-12-07T00:00:00 <p>Added busybox to Azure Linux 3.0 Added busybox to CBL-Mariner 2.0</p> HTTP request body disclosure in github.com/go-resty/resty/v2 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-45286 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 18245-16823 18245-16823 Moderate 18245-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18245-16823 CBL-Mariner Releases 18245-16823 No Security Update 1.8.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18245-16823 CBL-Mariner Releases 1.0 2023-12-04T00:00:00 <p>Information published.</p> DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-47108 Allocation of Resources Without Limits or Throttling 19432-17084 19431-17084 19332-17084 19966-17084 19808-17084 19729-17084 17726-17084 19422-17086 18255-16823 18256-17084 17799-17084 17801-17084 18257-17084 17795-17084 18258-17084 17468-17084 17802-17084 19340-17084 17461-17084 19815-17084 19798-17086 20001-17084 19432-17084 19431-17084 19332-17084 19966-17084 19808-17084 19729-17084 17726-17084 19422-17086 18255-16823 18256-17084 17799-17084 17801-17084 18257-17084 17795-17084 18258-17084 17468-17084 17802-17084 19340-17084 17461-17084 19815-17084 19798-17086 20001-17084 Important 19432-17084 Important 19431-17084 Important 19332-17084 Important 19966-17084 Important 19808-17084 Important 19729-17084 Important 17726-17084 Important 19422-17086 Important 18255-16823 Important 18256-17084 Important 17799-17084 Important 17801-17084 Important 18257-17084 Important 17795-17084 Important 18258-17084 Important 17468-17084 Important 17802-17084 Important 19340-17084 Important 17461-17084 Important 19815-17084 19798-17086 Important 20001-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19432-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19431-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19332-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19966-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19808-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19729-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17726-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19422-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18255-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18256-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17799-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17801-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18257-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17795-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18258-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17468-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17802-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19340-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17461-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19815-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19798-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20001-17084 CBL-Mariner Releases 19332-17084 17795-17084 No Security Update 0.0.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19332-17084 17795-17084 CBL-Mariner Releases CBL-Mariner Releases 19966-17084 No Security Update 0.12.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19966-17084 CBL-Mariner Releases CBL-Mariner Releases 19808-17084 17801-17084 No Security Update 0.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19808-17084 17801-17084 CBL-Mariner Releases CBL-Mariner Releases 17726-17084 18256-17084 No Security Update 0.30.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17726-17084 18256-17084 CBL-Mariner Releases CBL-Mariner Releases 18255-16823 No Security Update 1.7.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18255-16823 CBL-Mariner Releases CBL-Mariner Releases 17799-17084 19815-17084 No Security Update 2.27.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17799-17084 19815-17084 CBL-Mariner Releases CBL-Mariner Releases 18257-17084 17461-17084 No Security Update 1.7.7-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18257-17084 17461-17084 CBL-Mariner Releases CBL-Mariner Releases 18258-17084 17468-17084 No Security Update 1.7.13-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18258-17084 17468-17084 CBL-Mariner Releases CBL-Mariner Releases 17802-17084 No Security Update 1.32.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17802-17084 CBL-Mariner Releases CBL-Mariner Releases 19340-17084 No Security Update 1.30.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19340-17084 CBL-Mariner Releases 3.0 2026-02-18T15:09:42 <p>Information published.</p> 1.0 2023-11-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-08-29T00:00:00 <p>Information published.</p> 1.3 2024-08-30T00:00:00 <p>Information published.</p> 1.4 2024-08-31T00:00:00 <p>Information published.</p> 1.5 2024-09-01T00:00:00 <p>Information published.</p> 1.6 2024-09-02T00:00:00 <p>Information published.</p> 1.7 2024-09-03T00:00:00 <p>Information published.</p> 1.8 2024-09-05T00:00:00 <p>Information published.</p> 1.9 2024-09-06T00:00:00 <p>Information published.</p> 2.0 2024-09-07T00:00:00 <p>Information published.</p> 2.1 2024-09-08T00:00:00 <p>Information published.</p> 2.2 2024-09-11T00:00:00 <p>Information published.</p> 2.3 2025-02-11T00:00:00 <p>Added cri-tools to Azure Linux 3.0 Added containerd to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added moby-containerd-cc to CBL-Mariner 2.0</p> An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-47234 18266-16823 18267-17084 20139-17084 18266-16823 18267-17084 20139-17084 Important 18266-16823 Important 18267-17084 Important 20139-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18266-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18267-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20139-17084 CBL-Mariner Releases 18266-16823 No Security Update 8.5.3-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18266-16823 CBL-Mariner Releases CBL-Mariner Releases 18267-17084 20139-17084 No Security Update 9.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18267-17084 20139-17084 CBL-Mariner Releases 1.2 2026-02-18T02:12:27 <p>Information published.</p> 1.0 2023-11-07T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed because the presence of EOR does not lead to a treat-as-withdraw outcome. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-47235 18266-16823 18267-17084 20139-17084 18266-16823 18267-17084 20139-17084 Important 18266-16823 Important 18267-17084 Important 20139-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18266-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18267-17084 6.8 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H 20139-17084 CBL-Mariner Releases 18266-16823 No Security Update 8.5.3-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18266-16823 CBL-Mariner Releases CBL-Mariner Releases 18267-17084 20139-17084 No Security Update 9.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18267-17084 20139-17084 CBL-Mariner Releases 1.2 2026-02-18T02:13:27 <p>Information published.</p> 1.0 2023-11-07T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-48105 Out-of-bounds Write 18243-16823 18243-16823 Important 18243-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18243-16823 CBL-Mariner Releases 18243-16823 No Security Update 2.1.10-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18243-16823 CBL-Mariner Releases 1.0 2023-12-05T00:00:00 <p>Information published.</p> Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-48161 Out-of-bounds Write 17667-17084 19085-17084 18248-16823 18249-17084 19668-17086 17667-17084 19085-17084 18248-16823 18249-17084 19668-17086 Important 17667-17084 Important 19085-17084 Important 18248-16823 Important 18249-17084 Important 19668-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17667-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19085-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18248-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18249-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19668-17086 CBL-Mariner Releases 19085-17084 18248-16823 18249-17084 No Security Update 5.2.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19085-17084 18248-16823 18249-17084 CBL-Mariner Releases 1.1 2024-11-09T00:00:00 <p>Added giflib to Azure Linux 3.0 Added giflib to CBL-Mariner 2.0</p> 2.0 2026-02-18T03:09:24 <p>Information published.</p> 1.0 2024-10-16T00:00:00 <p>Information published.</p> Floating point Exception in adjust_plines_for_skipcol() in vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-48232 Improper Handling of Exceptional Conditions 18250-16823 18250-16823 Moderate 18250-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18250-16823 CBL-Mariner Releases 18250-16823 No Security Update 9.0.2112-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18250-16823 CBL-Mariner Releases 1.0 2023-11-20T00:00:00 <p>Information published.</p> overflow with count for :s command in vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-48233 Integer Overflow or Wraparound 18250-16823 18250-16823 Moderate 18250-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18250-16823 CBL-Mariner Releases 18250-16823 No Security Update 9.0.2112-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18250-16823 CBL-Mariner Releases 1.0 2023-11-20T00:00:00 <p>Information published.</p> overflow in nv_z_get_count in vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-48234 Integer Overflow or Wraparound 18250-16823 18250-16823 Moderate 18250-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18250-16823 CBL-Mariner Releases 18250-16823 No Security Update 9.0.2112-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18250-16823 CBL-Mariner Releases 1.0 2023-11-25T00:00:00 <p>Information published.</p> overflow in get_number in vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-48236 Integer Overflow or Wraparound 18250-16823 18250-16823 Moderate 18250-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18250-16823 CBL-Mariner Releases 18250-16823 No Security Update 9.0.2112-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18250-16823 CBL-Mariner Releases 1.0 2023-11-21T00:00:00 <p>Information published.</p> Vim has heap-use-after-free at /src/charset.c:1770:12 in skipwhite <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-48706 Use After Free 18247-16823 18247-16823 Moderate 18247-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 18247-16823 CBL-Mariner Releases 18247-16823 No Security Update 9.0.2121-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18247-16823 CBL-Mariner Releases 1.0 2023-12-03T00:00:00 <p>Information published.</p> cryptography vulnerable to NULL-dereference when loading PKCS7 certificates <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-49083 NULL Pointer Dereference 17984-17084 18244-16823 18171-17084 17984-17084 18244-16823 18171-17084 Important 17984-17084 Important 18244-16823 Important 18171-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17984-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18244-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18171-17084 CBL-Mariner Releases 17984-17084 18171-17084 No Security Update 42.0.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17984-17084 18171-17084 CBL-Mariner Releases CBL-Mariner Releases 18244-16823 No Security Update 3.3.2-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18244-16823 CBL-Mariner Releases 1.0 2023-12-04T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-18T01:30:17 <p>Information published.</p> Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5090 Improper Handling of Exceptional Conditions 16838-16823 16838-16823 Moderate 16838-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16838-16823 CBL-Mariner Releases 16838-16823 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 CBL-Mariner Releases 1.0 2023-11-16T00:00:00 <p>Information published.</p> Openshift: modification of node role labels <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5408 Improper Privilege Management 18265-16823 18126-17084 18252-17084 18265-16823 18126-17084 18252-17084 Important 18265-16823 Important 18126-17084 Important 18252-17084 7.2 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 18265-16823 7.2 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 18126-17084 7.2 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 18252-17084 CBL-Mariner Releases 18265-16823 No Security Update 1.28.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18265-16823 CBL-Mariner Releases CBL-Mariner Releases 18126-17084 18252-17084 No Security Update 1.29.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18126-17084 18252-17084 CBL-Mariner Releases 1.0 2023-11-07T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-19T01:13:10 <p>Information published.</p> Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner kubernetes Yes CVE-2023-5528 Improper Input Validation 19103-17084 18251-16823 18252-17084 19777-17086 19103-17084 18251-16823 18252-17084 19777-17086 Important 19103-17084 Important 18251-16823 Important 18252-17084 Important 19777-17086 7.2 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19103-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18251-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18252-17084 7.2 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19777-17086 CBL-Mariner Releases 19103-17084 18252-17084 No Security Update 1.28.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19103-17084 18252-17084 CBL-Mariner Releases CBL-Mariner Releases 18251-16823 No Security Update 1.28.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18251-16823 CBL-Mariner Releases CBL-Mariner Releases 19777-17086 No Security Update 1.22.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19777-17086 CBL-Mariner Releases 1.2 2026-02-19T01:12:58 <p>Information published.</p> 1.0 2023-11-20T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Excessive time spent in DH check / generation with large Q parameter value <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2023-5678 Improper Check for Unusual or Exceptional Conditions 17859-17084 20273-17084 19740-17084 19671-17084 19712-17086 18370-17084 19801-17086 16977-16823 17374-16823 18093-16823 18113-16823 16982-17084 17716-17084 18114-17084 18115-17084 19783-17084 20276-17086 19678-17086 19693-17084 19807-17084 19662-17086 17459-17084 19686-17084 19786-17084 17093-17086 17859-17084 20273-17084 19740-17084 19671-17084 19712-17086 18370-17084 19801-17086 16977-16823 17374-16823 18093-16823 18113-16823 16982-17084 17716-17084 18114-17084 18115-17084 19783-17084 20276-17086 19678-17086 19693-17084 19807-17084 19662-17086 17459-17084 19686-17084 19786-17084 17093-17086 Moderate 17859-17084 Moderate 20273-17084 Moderate 19740-17084 Moderate 19671-17084 Moderate 19712-17086 Moderate 18370-17084 Moderate 19801-17086 Moderate 16977-16823 Moderate 17374-16823 Moderate 18093-16823 Moderate 18113-16823 Moderate 16982-17084 Moderate 17716-17084 Moderate 18114-17084 Moderate 18115-17084 Moderate 19783-17084 Moderate 20276-17086 Moderate 19678-17086 Moderate 19693-17084 Moderate 19807-17084 19662-17086 Moderate 17459-17084 Moderate 19686-17084 Moderate 19786-17084 Moderate 17093-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17859-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20273-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19740-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19671-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19712-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18370-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19801-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 16977-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17374-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18093-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18113-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 16982-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17716-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18114-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18115-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19783-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20276-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19678-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19693-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19807-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19662-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17459-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19686-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19786-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17093-17086 CBL-Mariner Releases 17859-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 20273-17084 18370-17084 17716-17084 20276-17086 No Security Update 3.2.0.azl1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20273-17084 18370-17084 17716-17084 20276-17086 CBL-Mariner Releases CBL-Mariner Releases 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19740-17084 CBL-Mariner Releases CBL-Mariner Releases 19801-17086 19807-17084 No Security Update 38.0.72.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19801-17086 19807-17084 CBL-Mariner Releases CBL-Mariner Releases 16977-16823 16982-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16977-16823 16982-17084 CBL-Mariner Releases CBL-Mariner Releases 17374-16823 No Security Update 1.0.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17374-16823 CBL-Mariner Releases CBL-Mariner Releases 18093-16823 18114-17084 No Security Update 1.1.1k-28 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18093-16823 18114-17084 CBL-Mariner Releases CBL-Mariner Releases 18113-16823 18115-17084 No Security Update 20230301gitf80f052277c8-38 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18113-16823 18115-17084 CBL-Mariner Releases CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases CBL-Mariner Releases 19786-17084 No Security Update 3.3.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19786-17084 CBL-Mariner Releases 3.0 2026-02-18T15:11:35 <p>Information published.</p> 1.0 2023-11-13T00:00:00 <p>Information published.</p> 1.1 2024-03-07T00:00:00 <p>Added kata-containers to CBL-Mariner 2.0</p> 1.2 2024-04-06T00:00:00 <p>Added hvloader to CBL-Mariner 2.0</p> 1.3 2024-06-30T07:00:00 <p>Information published.</p> 1.4 2024-07-13T00:00:00 <p>Information published.</p> 1.5 2024-08-29T00:00:00 <p>Information published.</p> 1.6 2024-08-30T00:00:00 <p>Information published.</p> 1.7 2024-08-31T00:00:00 <p>Information published.</p> 1.8 2024-09-01T00:00:00 <p>Information published.</p> 1.9 2024-09-02T00:00:00 <p>Information published.</p> 2.0 2024-09-03T00:00:00 <p>Information published.</p> 2.1 2024-09-05T00:00:00 <p>Information published.</p> 2.2 2024-09-06T00:00:00 <p>Information published.</p> 2.3 2024-09-07T00:00:00 <p>Information published.</p> 2.4 2024-09-08T00:00:00 <p>Information published.</p> 2.5 2024-09-11T00:00:00 <p>Information published.</p> Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6121 Out-of-bounds Read 17828-16823 17828-16823 Moderate 17828-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 17828-16823 CBL-Mariner Releases 17828-16823 No Security Update 5.15.145.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17828-16823 CBL-Mariner Releases 1.1 2024-12-18T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> 1.0 2024-07-12T00:00:00 <p>Information published.</p> 1.2 2025-03-12T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> Insecure parsing of Windows paths with a \??\ prefix in path/filepath <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-45283 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 18315-17084 19679-17084 19785-17086 19712-17086 19693-17084 17667-17084 19697-17084 17375-16823 18136-16823 19778-17086 19668-17086 18315-17084 19679-17084 19785-17086 19712-17086 19693-17084 17667-17084 19697-17084 17375-16823 18136-16823 19778-17086 19668-17086 Important 18315-17084 Important 19679-17084 Important 19785-17086 Important 19712-17086 Important 19693-17084 Important 17667-17084 Important 19697-17084 Important 17375-16823 Important 18136-16823 Important 19778-17086 Important 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19679-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19785-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17375-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18136-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19778-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19668-17086 CBL-Mariner Releases 19679-17084 19785-17086 19778-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19679-17084 19785-17086 19778-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18136-16823 No Security Update 1.20.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18136-16823 CBL-Mariner Releases 1.0 2025-09-04T03:15:18 <p>Information published.</p> 1.1 2026-02-18T03:03:43 <p>Information published.</p> A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-42364 Use After Free 20038-17086 19943-17084 19516-17086 18180-16823 18181-17084 20038-17086 19943-17084 19516-17086 18180-16823 18181-17084 20038-17086 Moderate 19943-17084 Moderate 19516-17086 Moderate 18180-16823 Moderate 18181-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20038-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19943-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19516-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18180-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18181-17084 CBL-Mariner Releases 20038-17086 19943-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20038-17086 19943-17084 CBL-Mariner Releases CBL-Mariner Releases 18180-16823 No Security Update 1.35.0-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18180-16823 CBL-Mariner Releases CBL-Mariner Releases 18181-17084 No Security Update 1.36.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18181-17084 CBL-Mariner Releases 1.0 2025-09-03T23:14:03 <p>Information published.</p> 2.0 2026-02-18T03:07:00 <p>Information published.</p> HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-45539 17219-16823 17219-16823 Important 17219-16823 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 17219-16823 CBL-Mariner Releases 17219-16823 No Security Update 2.4.24-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17219-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:33 <p>Information published.</p> Heap-buffer-overflow in extractimagesection() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3164 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 18229-17084 18269-16823 18270-17084 18229-17084 18269-16823 18270-17084 Moderate 18229-17084 Moderate 18269-16823 Moderate 18270-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18229-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18269-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18270-17084 CBL-Mariner Releases 18229-17084 18269-16823 18270-17084 No Security Update 4.6.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18229-17084 18269-16823 18270-17084 CBL-Mariner Releases 1.0 2025-01-23T00:00:00 <p>Information published.</p> 2.0 2025-02-21T00:00:00 <p>Information published.</p> 2.1 2026-02-19T01:19:38 <p>Information published.</p> Reachable assertion in dbus_set_host_name <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-38471 Reachable Assertion 18261-16823 18262-17084 17556-17084 18261-16823 18262-17084 17556-17084 Moderate 18261-16823 Moderate 18262-17084 Moderate 17556-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18261-16823 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18262-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17556-17084 CBL-Mariner Releases 18261-16823 No Security Update 0.8-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18261-16823 CBL-Mariner Releases CBL-Mariner Releases 18262-17084 17556-17084 No Security Update 0.8-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18262-17084 17556-17084 CBL-Mariner Releases 2.1 2026-02-18T15:00:22 <p>Information published.</p> 1.0 2024-12-13T00:00:00 <p>Information published.</p> 2.0 2024-12-27T00:00:00 <p>Information published.</p> Reachable assertion in avahi_rdata_parse <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-38472 Reachable Assertion 18261-16823 18262-17084 17556-17084 18261-16823 18262-17084 17556-17084 Moderate 18261-16823 Moderate 18262-17084 Moderate 17556-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18261-16823 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18262-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17556-17084 CBL-Mariner Releases 18261-16823 No Security Update 0.8-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18261-16823 CBL-Mariner Releases CBL-Mariner Releases 18262-17084 17556-17084 No Security Update 0.8-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18262-17084 17556-17084 CBL-Mariner Releases 1.0 2024-12-13T00:00:00 <p>Information published.</p> 2.0 2024-12-27T00:00:00 <p>Information published.</p> 2.1 2026-02-18T15:00:46 <p>Information published.</p> Qemu: improper ide controller reset can lead to mbr overwrite <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5088 Incorrect Synchronization 19662-17086 18121-16823 17093-17086 19662-17086 18121-16823 17093-17086 19662-17086 Moderate 18121-16823 Moderate 17093-17086 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 19662-17086 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 18121-16823 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 17093-17086 CBL-Mariner Releases 19662-17086 18121-16823 17093-17086 No Security Update 6.2.0-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19662-17086 18121-16823 17093-17086 CBL-Mariner Releases 2.0 2026-02-18T14:52:59 <p>Information published.</p> 1.0 2025-03-26T00:00:00 <p>Information published.</p> Out-of-bounds Read in Wireshark https://nvd.nist.gov/vuln/detail/CVE-2023-6174 https://nvd.nist.gov/vuln/detail/CVE-2023-6174 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-6174 Out-of-bounds Read 12357 12356 12357 12356 12357 12356 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12357 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12356 wireshark 12357 wireshark-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-cli-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-devel-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.7-1 https://nvd.nist.gov/vuln/detail/CVE-2023-6174 12357 wireshark wireshark 12356 wireshark-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-cli-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-devel-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.7-1 https://nvd.nist.gov/vuln/detail/CVE-2023-6174 12356 wireshark 1.0 2025-07-11T00:00:00 <p>Information published.</p> Request smuggling in aiohttp <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-47627 Inconsistent Interpretation of HTTP Requests (&#39;HTTP Request/Response Smuggling&#39;) 18469-17084 18469-17084 Important 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18469-17084 1.0 2025-09-03T21:59:16 <p>Information published.</p> 1.1 2026-02-18T15:16:14 <p>Information published.</p> Microsoft Office Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.</p> Microsoft Office Microsoft Yes CVE-2023-36413 11573 11574 11762 11763 11952 11953 10753 10754 Security Feature Bypass 11573 Security Feature Bypass 11574 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 11952 Security Feature Bypass 11953 Security Feature Bypass 10753 Security Feature Bypass 10754 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10753 Important 10754 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11573 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11574 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11762 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11763 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11952 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11953 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10753 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002521 https://www.microsoft.com/download/details.aspx?familyid=5519f585-5df4-4a3c-90c9-4aa775aee1ca 10753 Maybe Security Update 16.0.5422.1000 https://support.microsoft.com/help/5002521 10753 5002521 5002521 https://www.microsoft.com/download/details.aspx?familyid=55a52ff9-aaf8-47fc-97e4-f93e4982a660 10754 Maybe Security Update 16.0.5422.1000 https://support.microsoft.com/help/5002521 10754 5002521 <a href="https://twitter.com/Edu_Braun_0day">Eduardo Braun Prado</a> <a href="https://twitter.com/wdormann">Will Dormann</a> with <a href="https://vu.ls/">Vul Labs</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2023-36036 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12242 12244 12243 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 12242 Elevation of Privilege 12244 Elevation of Privilege 12243 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12242 Important 12244 Important 12243 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11570 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9312 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10287 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9318 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9344 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10049 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12242 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 Microsoft Threat Intelligence Microsoft Security Response Center 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by exploiting vulnerable APIs through a deserialization of unsafe data input vulnerability. Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with a specially-formatted input file resulting in possible remote code execution on the SharePoint Server.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In a network-based attack, an authenticated attacker could execute code remotely within the SharePoint Server.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-38177 Deserialization of Untrusted Data 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 6.1 5.3 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10950 6.1 5.3 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11585 6.1 5.3 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11961 5002517 https://www.microsoft.com/download/details.aspx?familyid=e4282197-50eb-4374-a0cb-673fedcaefcd 10950 Maybe Security Update 16.0.5422.1000 https://support.microsoft.com/help/5002517 10950 5002517 5002517 https://support.microsoft.com/help/5002517 10950 5002526 https://www.microsoft.com/download/details.aspx?familyid=8535debd-1561-4a47-b60a-f92c426e0f4a 11585 Maybe Security Update 16.0.10404.20003 https://support.microsoft.com/help/5002526 11585 5002526 5002526 https://support.microsoft.com/help/5002526 11585 5002527 https://www.microsoft.com/download/details.aspx?familyid=76bb0325-13a2-44d8-9846-89cf939867d8 11961 Maybe Security Update 16.0.16731.20350 https://support.microsoft.com/help/5002527 11961 5002527 5002527 https://support.microsoft.com/help/5002527 11961 Anonymous 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>For the vulnerability to be exploited, the attacker would need to be authenticated as a valid exchange user.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An authenticated attacker could gain remote code execution rights on the server mailbox backend as NT AUTHORITY\SYSTEM.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> <p><strong>Are there any more actions I need to take to be protected from this vulnerability?</strong></p> <p>Yes. Customers running an affected version of Microsoft Exchange need to download the November 2023 Security Update and ensure the <a href="https://aka.ms/ExchangeSDS#november-2023-su">Serialized Data Signing feature</a> is enabled to be protected from this vulnerability. Disabling certificate signing of Powershell serialization payloads makes your server vulnerable to known Exchange vulnerabilities and weakens protection against unknown threats. We recommend leaving this feature enabled.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-36439 Deserialization of Untrusted Data 12039 12191 12038 Remote Code Execution 12039 Remote Code Execution 12191 Remote Code Execution 12038 Important 12039 Important 12191 Important 12038 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12191 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 5032147 https://www.microsoft.com/download/details.aspx?familyid=f15bf797-0ac3-4bff-9483-d8afeef5bdfc 5030877 12039 Yes Security Update 15.01.2507.035 https://support.microsoft.com/help/5032147 12039 5032147 5032147 https://support.microsoft.com/help/5032147 12039 5032146 https://www.microsoft.com/download/details.aspx?familyid=abd1dd17-c0c1-434f-8929-5f129956700d 5030877 12191 Yes Security Update 15.02.1258.028 https://support.microsoft.com/help/5032146 12191 5032146 5032146 https://support.microsoft.com/help/5032146 12191 12038 5032146 https://www.microsoft.com/download/details.aspx?familyid=1341ffc6-c9ca-49b0-a560-16c0e6a914cd 5030877 12038 Yes Security Update 15.02.1118.040 https://support.microsoft.com/help/5032146 12038 5032146 m4yfly with TianGong Team of Legendsec at Qi&#39;anxin Group 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> Windows Authentication Methods Microsoft Yes CVE-2023-36428 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 Anonymous 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Real-world exploitability of this attack is very low. Successful exploitation of this vulnerability requires an attacker to obtain 12th+ generation hardware to trigger the vulnerability. In addition, the attacker can only populate data at the beginning of a page, and its contents are mostly uncontrollable.</p> Windows Hyper-V Microsoft Yes CVE-2023-36427 11569 11571 11572 11923 11924 11926 11931 12086 12097 12243 12244 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11931 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11931 Important 12086 Important 12097 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11569 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11569 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11569 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 5032192 5032192 https://support.microsoft.com/help/5032192 11926 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11931 12097 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12086 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 <a href="https://twitter.com/standa_t">Satoshi Tanda</a> with <a href="https://tandasat.github.io/">System Programming Lab</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Distributed File System (DFS) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have both domain user and delegate management permissions on a non-default DFS namespace.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit a DFS namespace (non-default) out-of-bound write vulnerability that results in heap corruption, which could then be used to perform arbitrary code execution on the server's dfssvc.exe process which runs as SYSTEM user.</p> <p><strong>According to the CVSS metric, attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>In a real-world attack scenario, a domain admin would have to configure their DFS namespace in such a way to add a low privileged domain user to the delegate management permission on a certain DFS namespace.</p> <p>In essence, a successful exploitation of this vulnerability would require a non-default and unlikely configuration.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> Windows Distributed File System (DFS) Microsoft Yes CVE-2023-36425 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to a High Integrity Level.</p> Windows Common Log File System Driver Microsoft Yes CVE-2023-36424 Out-of-bounds Read 12242 12244 12243 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 12242 Elevation of Privilege 12244 Elevation of Privilege 12243 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 12242 Important 12244 Important 12243 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032190 https://support.microsoft.com/help/5032190 12242 12243 12085 12086 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 <a href="https://twitter.com/securiteam_ssd">Anonymous</a> with <a href="https://ssd-disclosure.com/">SSD Secure Disclosure</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Remote Registry Service Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>A remote, authenticated attacker who is on the domain could exploit an out of bounds write vulnerability within regsvc to execute arbitrary code on the server.</p> Microsoft Remote Registry Service Microsoft Yes CVE-2023-36423 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> 1.1 2023-11-16T08:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target machine if the victim connects to the attacker's malicious DB2 server and they execute a specially crafted query.</p> Azure Microsoft Yes CVE-2023-38151 Use of Uninitialized Resource 12257 12247 Remote Code Execution 12257 Remote Code Execution 12247 Important 12257 Important 12247 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12257 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12247 5032921 https://www.microsoft.com/en-us/download/details.aspx?id=105670 12257 Yes Security Update KB5032921 https://www.microsoft.com/en-us/download/details.aspx?id=105670 12257 5032921 5032921 https://www.microsoft.com/en-us/download/details.aspx?id=105670 12247 Maybe Security Update KB5032921 https://www.microsoft.com/en-us/download/details.aspx?id=105670 12247 5032921 <p>The following mitigating factors might be helpful in your situation:</p> <p>The victim must have installed Microsoft OLE DB Provider for DB2 Server Version 7.0 for the target machine to be vulnerable.</p> bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Azure DevOps Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit an integer overflow vulnerability that results in arbitrary heap writes, which could be used to perform arbitrary code execution.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on ADO?</strong></p> <p>Yes, the attacker needs to be authenticated to Azure DevOps server.</p> Azure DevOps Microsoft Yes CVE-2023-36437 Improper Control of Generation of Code ('Code Injection') 12072 Remote Code Execution 12072 Important 12072 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12072 Pull Request https://github.com/microsoft/azure-pipelines-agent/releases/tag/v2.217.2 12072 Maybe Security Update 2.39.1 https://github.com/microsoft/azure-pipelines-agent/releases/tag/v2.217.2 12072 Pull Request Anonymous 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Dynamics Microsoft Yes CVE-2023-36410 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 Spoofing 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5032297 https://www.microsoft.com/en-us/download/details.aspx?id=105717 11921 Maybe Security Update 9.1.23.10 https://support.microsoft.com/help/5032297 11921 5032297 <a href="https://batr.am/">batram</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Azure CLI REST Command Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker that successfully exploited this vulnerability could recover plaintext passwords and usernames from log files created by the affected CLI commands and published by Azure DevOps and/or GitHub Actions.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker can search and discover credentials contained in log files which have been stored in open-source repositories.</p> <p><strong>Where can I find more information?</strong></p> <p>Please see the MSRC Blog Post relating to this vulnerability here: <a href="https://msrc.microsoft.com/blog/2023/11/microsoft-guidance-regarding-credentials-leaked-to-github-actions-logs-through-azure-cli/">Microsoft guidance regarding credentials leaked to Github Actions logs through Azure CLI</a>.</p> <p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p> <p>Customers using the affected CLI commands must update their Azure CLI version to 2.53.1 or above to be protected against the risks of this vulnerability. This also applies to customers with log files created by using these commands through Azure DevOps and/or GitHub Actions.</p> Azure Microsoft Yes CVE-2023-36052 Exposure of Private Personal Information to an Unauthorized Actor 12254 12252 12255 12253 12249 12248 12251 12250 Information Disclosure 12254 Information Disclosure 12252 Information Disclosure 12255 Information Disclosure 12253 Information Disclosure 12249 Information Disclosure 12248 Information Disclosure 12251 Information Disclosure 12250 Critical 12254 Critical 12252 Critical 12255 Critical 12253 Critical 12249 Critical 12248 Critical 12251 Critical 12250 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12254 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12252 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12255 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12253 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12249 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12248 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12251 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12250 Release Notes https://learn.microsoft.com/en-us/cli/azure/update-azure-cli 12254 No Security Update 2.53.1 https://learn.microsoft.com/en-us/cli/azure/release-notes-azure-cli 12254 Release Notes Release Notes https://learn.microsoft.com/en-us/cli/azure/update-azure-cli 12252 12255 12253 12249 12248 12251 12250 Maybe Security Update 2.53.1 https://learn.microsoft.com/en-us/cli/azure/release-notes-azure-cli 12252 12255 12253 12249 12248 12251 12250 Release Notes <a href="https://twitter.com/_0xffd">Aviad Hahami</a> with PANW 1.0 2023-11-14T08:00:00 <p>Information published.</p> Open Management Infrastructure Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an attacker to access credentials of privileged accounts stored in trace logs on the machine being monitored by SCOM.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component could be different from the impacted component and are managed by different security authorities.</p> <p><strong>What versions of OMI are affected?</strong></p> <p>OMI versions v1.7.1-0 and below are affected.</p> <p><strong>How do the updates address the vulnerability?</strong></p> <p>The update disables logging of the credentials in the trace file and deletes the existing trace files that may have credentials logged.</p> <p><strong>Is there any action customers need to take?</strong></p> <p>In addition to updating their affected versions of SCOM, customers are encouraged to reset their privileged account passwords.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker be an authenticated user with read access to the trace file on the machine being monitored with SCOM and OMI installed.</p> <p><strong>What is OMI?</strong></p> <p>Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. SCOM uses this framework to orchestrate configuration management and log collection on Linux VMs. More information can be found here: <a href="https://github.com/Microsoft/omi">GitHub - Open Management Infrastructure</a>.</p> Open Management Infrastructure Microsoft Yes CVE-2023-36043 Exposure of Sensitive Information to an Unauthorized Actor 12058 12057 12056 Information Disclosure 12058 Information Disclosure 12057 Information Disclosure 12056 Important 12058 Important 12057 Important 12056 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:T/RC:C 12058 6.5 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:T/RC:C 12057 6.5 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:T/RC:C 12056 Release Notes https://www.microsoft.com/en-in/download/details.aspx?id=104213 12058 Maybe Security Update 1.7.3-0 https://www.microsoft.com/en-in/download/details.aspx?id=104213 12058 Release Notes Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=58208 12057 Maybe Security Update 1.7.3-0 https://www.microsoft.com/en-us/download/details.aspx?id=58208 12057 Release Notes Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=29696 12056 Maybe Security Update 1.7.3-0 https://www.microsoft.com/en-us/download/details.aspx?id=29696 12056 Release Notes Anonymous 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?</strong></p> <p>The attacker who successfully exploited the vulnerability could have limited ability to perform code execution.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?</strong></p> <p>The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.88</td> <td>11/02/2023</td> <td>118.0.5993.129</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36034 Use After Free 11655 12142 Remote Code Execution 11655 Remote Code Execution 12142 Moderate 11655 Moderate 12142 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11655 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 12142 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12142 No Security Update 118.0.2088.88 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes HAO LI of VenusTech ADLab 1.0 2023-11-02T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could allow the attacker to gain the privileges needed to perform code execution.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.58</td> <td>11/09/2023</td> <td>119.0.6045.123/.124</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.102</td> <td>11/09/2023</td> <td>118.0.5993.136</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36024 11655 12142 Elevation of Privilege 11655 Elevation of Privilege 12142 Important 11655 Important 12142 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 11655 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 12142 Release Notes 11655 No Security Update 119.0.2151.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12142 No Security Update 118.0.2088.102 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes Anonymous 1.0 2023-11-09T08:00:00 <p>Information published.</p> Windows Scripting Engine Memory Corruption Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.</p> <p><strong>The CVE title says Windows Scripting Engine, what does that mean for this vulnerability?</strong></p> <p>This vulnerability impacts the JScript9 scripting engine.</p> Windows Scripting Microsoft Yes CVE-2023-36017 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 12242 12244 12243 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12242 Remote Code Execution 12244 Remote Code Execution 12243 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12242 Important 12244 Important 12243 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032191 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032191 5031355 10051 10049 10378 10379 10483 10543 Yes IE Cumulative 1.001 https://support.microsoft.com/help/5032191 10051 10049 10378 10379 10483 10543 5032191 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.58</td> <td>11/09/2023</td> <td>119.0.6045.123/.124</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.102</td> <td>11/09/2023</td> <td>118.0.5993.136</td> </tr> </tbody> </table> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could allow the attacker to gain the privileges needed to perform code execution.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36027 11655 12142 Elevation of Privilege 11655 Elevation of Privilege 12142 Important 11655 Important 12142 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 11655 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 12142 Release Notes 11655 No Security Update 119.0.2151.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12142 No Security Update 118.0.2088.102 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes Anonymous 1.0 2023-11-10T08:00:00 <p>Information published.</p> Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could craft a payload allowing them to access sensitive user data, which could result in unauthorized access to the victim's account or compromise of other confidential information.</p> Microsoft Dynamics Microsoft Yes CVE-2023-36007 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12261 Spoofing 12261 Important 12261 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 12261 Release Notes https://appsource.microsoft.com/en-US/product/DynamicsCE/msfp.customervoicedistribution 12261 Maybe Security Update 9.0.0.8 https://appsource.microsoft.com/en-US/product/DynamicsCE/msfp.customervoicedistribution 12261 Release Notes <a href="https://twitter.com/dhiralpatel94">Dhiral Patel</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.72</td> <td>11/16/2023</td> <td>119.0.6045.159/.160</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.109</td> <td>11/16/2023</td> <td>118.0.5993.144</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?</strong></p> <p>The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?</strong></p> <p>The attacker who successfully exploited the vulnerability could have limited ability to perform code execution.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36008 Use After Free 11655 12142 Remote Code Execution 11655 Remote Code Execution 12142 Moderate 11655 Moderate 12142 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C 11655 6.6 5.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C 12142 Release Notes 11655 No Security Update 119.0.2151.72 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12142 No Security Update 118.0.2088.109 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes HAO LI of VenusTech ADLab 1.0 2023-11-16T08:00:00 <p>Information published.</p> 1.1 2024-10-10T07:00:00 <p>Corrected Build Numbers in the Security Updates table. This is an informational change only.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is able to bypass the warning on the permissions message when visiting a potentially malicious website.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.72</td> <td>11/16/2023</td> <td>119.0.6045.159/.160</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.109</td> <td>11/16/2023</td> <td>118.0.5993.144</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36026 11655 12142 Spoofing 11655 Spoofing 12142 Moderate 11655 Moderate 12142 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11655 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12142 Release Notes 11655 No Security Update 119.0.2151.72 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12142 No Security Update 118.0.2088.109 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes Anonymous 1.0 2023-11-16T08:00:00 <p>Information published.</p> 1.1 2024-10-10T07:00:00 <p>Corrected Build Numbers in the Security Updates table. This is an informational change only.</p> Chromium: CVE-2023-5997 Use after free in Garbage Collection <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.72</td> <td>11/16/2023</td> <td>119.0.6045.159/.160</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.109</td> <td>11/16/2023</td> <td>118.0.5993.144</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5997 11655 12142 11655 12142 11655 12142 Release Notes 11655 No Security Update 119.0.2151.72 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12142 No Security Update 118.0.2088.109 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes 1.0 2023-11-16T17:35:21 <p>Information published.</p> 1.1 2024-10-10T07:00:00 <p>Corrected Build Numbers in the Security Updates table. This is an informational change only.</p> Chromium: CVE-2023-6112 Use after free in Navigation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.72</td> <td>11/16/2023</td> <td>119.0.6045.159/.160</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.109</td> <td>11/16/2023</td> <td>118.0.5993.144</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-6112 11655 12142 11655 12142 11655 12142 Release Notes 11655 No Security Update 119.0.2151.72 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12142 No Security Update 118.0.2088.109 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes 1.0 2023-11-16T17:35:26 <p>Information published.</p> 1.1 2024-10-28T07:00:00 <p>Corrected Build Numbers in the Security Updates table. This is an informational change only.</p> Windows Installer Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Installer Microsoft Yes CVE-2023-36705 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 Abdelhamid Naceri 1.0 2023-11-14T08:00:00 <p>Information published.</p> ASP.NET Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The attacker would be able to bypass the security checks that prevents an attacker from accessing internal applications in a website.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>The attacker could send a specially crafted request that would enable them to access parts of a web application that they would not normally have access to.</p> ASP.NET Microsoft Yes CVE-2023-36560 12079-12244 12079-12242 12079-12243 11650-10852 11650-10853 11650-10816 11650-10855 11650-10051 11650-10049 11650-10378 11650-10379 11650-10483 11676-11568 11650-10543 11676-11569 11676-11571 11676-11923 11676-11572 11676-11924 11676-11926 11676-11927 11676-11929 11676-11930 11676-12097 11676-11931 11676-12098 11676-12099 11677-11568 11677-11572 11677-11569 11677-11570 11677-11571 11723-10852 11723-10853 11723-10816 11723-10855 11863-10049 11863-10051 11863-10378 11863-10483 11863-10379 11863-10543 12079-11923 12079-11924 12079-11926 12079-11927 12079-11929 12079-11931 12079-11930 12079-12085 12079-12086 12079-12098 12079-12099 12079-12097 12115-10287 12115-9312 12115-9318 12115-9344 12135-10729 12135-10735 9292-9312 9292-9318 9195-9312 9195-9318 2472-10378 2472-10379 2472-10543 2472-10483 9495-10049 9495-10051 Security Feature Bypass 12079-12244 Security Feature Bypass 12079-12242 Security Feature Bypass 12079-12243 Security Feature Bypass 11650-10852 Security Feature Bypass 11650-10853 Security Feature Bypass 11650-10816 Security Feature Bypass 11650-10855 Security Feature Bypass 11650-10051 Security Feature Bypass 11650-10049 Security Feature Bypass 11650-10378 Security Feature Bypass 11650-10379 Security Feature Bypass 11650-10483 Security Feature Bypass 11676-11568 Security Feature Bypass 11650-10543 Security Feature Bypass 11676-11569 Security Feature Bypass 11676-11571 Security Feature Bypass 11676-11923 Security Feature Bypass 11676-11572 Security Feature Bypass 11676-11924 Security Feature Bypass 11676-11926 Security Feature Bypass 11676-11927 Security Feature Bypass 11676-11929 Security Feature Bypass 11676-11930 Security Feature Bypass 11676-12097 Security Feature Bypass 11676-11931 Security Feature Bypass 11676-12098 Security Feature Bypass 11676-12099 Security Feature Bypass 11677-11568 Security Feature Bypass 11677-11572 Security Feature Bypass 11677-11569 Security Feature Bypass 11677-11570 Security Feature Bypass 11677-11571 Security Feature Bypass 11723-10852 Security Feature Bypass 11723-10853 Security Feature Bypass 11723-10816 Security Feature Bypass 11723-10855 Security Feature Bypass 11863-10049 Security Feature Bypass 11863-10051 Security Feature Bypass 11863-10378 Security Feature Bypass 11863-10483 Security Feature Bypass 11863-10379 Security Feature Bypass 11863-10543 Security Feature Bypass 12079-11923 Security Feature Bypass 12079-11924 Security Feature Bypass 12079-11926 Security Feature Bypass 12079-11927 Security Feature Bypass 12079-11929 Security Feature Bypass 12079-11931 Security Feature Bypass 12079-11930 Security Feature Bypass 12079-12085 Security Feature Bypass 12079-12086 Security Feature Bypass 12079-12098 Security Feature Bypass 12079-12099 Security Feature Bypass 12079-12097 Security Feature Bypass 12115-10287 Security Feature Bypass 12115-9312 Security Feature Bypass 12115-9318 Security Feature Bypass 12115-9344 Security Feature Bypass 12135-10729 Security Feature Bypass 12135-10735 Security Feature Bypass 9292-9312 Security Feature Bypass 9292-9318 Security Feature Bypass 9195-9312 Security Feature Bypass 9195-9318 Security Feature Bypass 2472-10378 Security Feature Bypass 2472-10379 Security Feature Bypass 2472-10543 Security Feature Bypass 2472-10483 Security Feature Bypass 9495-10049 Security Feature Bypass 9495-10051 Important 12079-12244 Important 12079-12242 Important 12079-12243 Important 11650-10852 Important 11650-10853 Important 11650-10816 Important 11650-10855 Important 11650-10051 Important 11650-10049 Important 11650-10378 Important 11650-10379 Important 11650-10483 Important 11676-11568 Important 11650-10543 Important 11676-11569 Important 11676-11571 Important 11676-11923 Important 11676-11572 Important 11676-11924 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-11930 Important 11676-12097 Important 11676-11931 Important 11676-12098 Important 11676-12099 Important 11677-11568 Important 11677-11572 Important 11677-11569 Important 11677-11570 Important 11677-11571 Important 11723-10852 Important 11723-10853 Important 11723-10816 Important 11723-10855 Important 11863-10049 Important 11863-10051 Important 11863-10378 Important 11863-10483 Important 11863-10379 Important 11863-10543 Important 12079-11923 Important 12079-11924 Important 12079-11926 Important 12079-11927 Important 12079-11929 Important 12079-11931 Important 12079-11930 Important 12079-12085 Important 12079-12086 Important 12079-12098 Important 12079-12099 Important 12079-12097 Important 12115-10287 Important 12115-9312 Important 12115-9318 Important 12115-9344 Important 12135-10729 Important 12135-10735 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Important 2472-10378 Important 2472-10379 Important 2472-10543 Important 2472-10483 Important 9495-10049 Important 9495-10051 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10543 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10543 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12135-10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12135-10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10543 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10051 5032004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032004 12079-12244 Maybe Security Update 4.8.9206.0 https://support.microsoft.com/help/5032004 12079-12244 5032004 5032007 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032007 12079-12242 12079-12243 12079-12085 12079-12086 Maybe Security Update 4.8.9206.0 https://support.microsoft.com/help/5032007 12079-12242 12079-12243 12079-12085 12079-12086 5032007 5031989 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031989 11650-10852 11650-10853 11650-10816 11650-10855 Maybe Security Update 4.8.4682.0 https://support.microsoft.com/help/5031989 11650-10852 11650-10853 11650-10816 11650-10855 5031989 5032341 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031995 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.9206.0 https://support.microsoft.com/help/5032341 11650-10051 11650-10049 5032341 5032185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032010 11650-10051 11650-10049 Maybe Security Only 4.8.9206.0 https://support.microsoft.com/help/5032185 11650-10051 11650-10049 5032185 5032342 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031992 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.4682.0 https://support.microsoft.com/help/5032342 11650-10378 11650-10379 5032342 5032343 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031994 11650-10483 11650-10543 Maybe Monthly Rollup 4.8.4682.0 https://support.microsoft.com/help/5032343 11650-10483 11650-10543 5032343 5032337 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031990 11676-11568 11676-11569 11676-11571 11676-11572 Maybe Security Update 4.8.4682.0 https://support.microsoft.com/help/5032337 11676-11568 11676-11569 11676-11571 11676-11572 5032337 5032336 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031993 11676-11923 11676-11924 Maybe Security Update 4.8.4682.0 https://support.microsoft.com/help/5032336 11676-11923 11676-11924 5032336 5032340 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031991 11676-11926 11676-11927 Maybe Security Update 4.8.4682.0 https://support.microsoft.com/help/5032340 11676-11926 11676-11927 5032340 5032338 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031988 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.4682.0 https://support.microsoft.com/help/5032338 11676-11929 11676-11930 11676-11931 5032338 5032339 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031988 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.4682.0 https://support.microsoft.com/help/5032339 11676-12097 11676-12098 11676-12099 5032339 5032337 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031984 11677-11568 11677-11572 11677-11569 11677-11570 11677-11571 Maybe Security Update 4.7.4076.0 https://support.microsoft.com/help/5032337 11677-11568 11677-11572 11677-11569 11677-11570 11677-11571 5032337 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 11723-10852 11723-10853 11723-10816 11723-10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 11723-10852 11723-10853 11723-10816 11723-10855 5032197 5032341 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031987 11863-10049 11863-10051 Maybe Monthly Rollup 4.7.4076.0 https://support.microsoft.com/help/5032341 11863-10049 11863-10051 5032341 5032185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032009 11863-10049 11863-10051 Maybe Security Only 4.7.4076.0 https://support.microsoft.com/help/5032185 11863-10049 11863-10051 5032185 5032342 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031985 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.4076.0 https://support.microsoft.com/help/5032342 11863-10378 11863-10379 5032342 5032343 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031986 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.4076.0 https://support.microsoft.com/help/5032343 11863-10483 11863-10543 5032343 5032336 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032008 12079-11923 12079-11924 Maybe Security Update 4.8.9206.0 https://support.microsoft.com/help/5032336 12079-11923 12079-11924 5032336 5032340 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032006 12079-11926 12079-11927 Maybe Security Update 4.8.9206.0 https://support.microsoft.com/help/5032340 12079-11926 12079-11927 5032340 5032338 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032005 12079-11929 12079-11931 12079-11930 Maybe Security Update 4.8.9206.0 https://support.microsoft.com/help/5032338 12079-11929 12079-11931 12079-11930 5032338 5032339 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032005 12079-12098 12079-12099 12079-12097 Maybe Security Update 4.8.9206.0 https://support.microsoft.com/help/5032339 12079-12098 12079-12099 12079-12097 5032339 5032344 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031987 12115-10287 12115-9312 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.4076.0 https://support.microsoft.com/help/5032344 12115-10287 12115-9312 12115-9318 12115-9344 5032344 5032186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032009 12115-10287 12115-9312 12115-9318 12115-9344 Maybe Security Only 4.7.4076.0 https://support.microsoft.com/help/5032186 12115-10287 12115-9312 12115-9318 12115-9344 5032186 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 12135-10729 12135-10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 12135-10729 12135-10735 5032199 5032344 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031999 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Monthly Rollup 3.0.50727.8975 https://support.microsoft.com/help/5032344 9292-9312 9292-9318 9195-9312 9195-9318 5032344 5032186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032011 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Security Only 3.0.50727.8975 https://support.microsoft.com/help/5032186 9292-9312 9292-9318 9195-9312 9195-9318 5032186 5032342 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031998 2472-10378 2472-10379 Maybe Monthly Rollup 3.0.50727.8975 https://support.microsoft.com/help/5032342 2472-10378 2472-10379 5032342 5032343 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032001 2472-10543 2472-10483 Maybe Monthly Rollup 3.0.50727.8975 https://support.microsoft.com/help/5032343 2472-10543 2472-10483 5032343 5032341 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032000 9495-10049 9495-10051 Maybe Monthly Rollup 3.0.50727.8975 https://support.microsoft.com/help/5032341 9495-10049 9495-10051 5032341 5032185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032012 9495-10049 9495-10051 Maybe Security Only 3.0.50727.8975 https://support.microsoft.com/help/5032185 9495-10049 9495-10051 5032185 <a href="https://twitter.com/mwulftange">Markus Wulftange</a> with <a href="https://code-white.com/">CODE WHITE GmbH</a> <a href="https://twitter.com/irsdl">Soroush Dalili</a> with <a href="https://www.secproject.com/">SecProject</a> <a href="https://twitter.com/mwulftange">Markus Wulftange</a> with <a href="https://code-white.com/">CODE WHITE GmbH</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> 1.1 2023-11-17T08:00:00 <p>Updated the build numbers. This is an informational update only.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability would require an unauthenticated attacker on a guest VM to send specially crafted file operation requests to the VM's hardware resources which could result in remote code execution on the host server.</p> Windows Hyper-V Microsoft Yes CVE-2023-36408 Heap-based Buffer Overflow 11569 11571 11572 11923 11924 11926 11927 11931 12085 12086 12097 12242 12243 12244 10853 10816 10855 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11931 Important 12085 Important 12086 Important 12097 Important 12242 Important 12243 Important 12244 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11569 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11569 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11569 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11931 12097 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10853 10816 10855 5032197 <a href="https://github.com/cbwang505">ChengBin Wang</a> with <a href="https://www.guolisec.com/">ZheJiang Guoli Security Technology</a> and <a href="https://linfeng/">linfeng</a> with <a href="https://www.netciip.com/">Hebei Huace</a> and <a href="https://linfeng/">linfeng</a> with <a href="https://www.netciip.com/">Hebei Huace</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Hyper-V Microsoft Yes CVE-2023-36407 Improper Input Validation 11923 11924 11926 11927 12085 12086 12242 12243 12244 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 Anonymous 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Hyper-V Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.</p> Windows Hyper-V Microsoft Yes CVE-2023-36406 Improper Input Validation 11923 11924 11926 11927 12085 12086 12242 12243 12244 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 <a href="https://twitter.com/arudd1ck">Andrew Ruddick</a> with Microsoft Security Response Center 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Kernel Microsoft Yes CVE-2023-36405 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 Anonymous 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is values of registry keys the attacker does not have permissions to view.</p> Windows Kernel Microsoft Yes CVE-2023-36404 Improper Access Control 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Kernel Microsoft Yes CVE-2023-36403 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2023-36402 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 Anonymous Anonymous 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Remote Registry Service Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker must be an authenticated user on the network who is a member of the performance log users group.</p> <p>Although this group defaults to only Administrators, it is possible for an Administrator to add other standard users to this group.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>A remote, authenticated attacker who is on the domain and a member of the performance log users group could exploit an integer overflow vulnerability within regsvc to execute arbitrary code on the server.</p> Microsoft Remote Registry Service Microsoft Yes CVE-2023-36401 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows HMAC Key Derivation Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.</p> Windows HMAC Key Derivation Microsoft Yes CVE-2023-36400 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12242 Critical 12243 Critical 12244 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Storage Elevation of Privilege Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Storage Microsoft Yes CVE-2023-36399 Improper Link Resolution Before File Access ('Link Following') 12244 11923 11924 11926 11927 12085 12086 12243 12242 Elevation of Privilege 12244 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12243 Elevation of Privilege 12242 Important 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Important 12243 Important 12242 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12244 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12243 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12242 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12243 12242 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12243 12242 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12243 12242 5032190 Microsoft Security Response Center 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows NTFS Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> Windows NTFS Microsoft Yes CVE-2023-36398 Use of Uninitialized Resource 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 12242 12244 12243 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Information Disclosure 12242 Information Disclosure 12244 Information Disclosure 12243 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 12242 Important 12244 Important 12243 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 Anonymous 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.</p> Windows Internet Connection Sharing (ICS) Microsoft Yes CVE-2023-36397 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12242 Critical 12243 Critical 12244 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://twitter.com/baixia4">Jarvis_1oop</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Compressed Folder Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Compressed Folder Microsoft Yes CVE-2023-36396 Improper Resolution of Path Equivalence 12085 12086 12242 12243 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12242 Remote Code Execution 12243 Important 12085 Important 12086 Important 12242 Important 12243 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 <a href="https://www.linkedin.com/in/or-yair/">Or Yair</a> with <a href="https://safebreach.com/">SafeBreach</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Deployment Services Denial of Service Vulnerability Windows Deployment Services Microsoft Yes CVE-2023-36395 Integer Overflow or Wraparound 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12244 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 <a href="https://twitter.com/thunderj17">ThunderJ</a> with KunlunLab R4nger &amp; Zhiniang Peng 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Search Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Microsoft Windows Search Component Microsoft Yes CVE-2023-36394 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12097 12098 12099 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 OUYANG FEI 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows User Interface Application Core Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Tablet Windows User Interface Microsoft Yes CVE-2023-36393 Untrusted Search Path 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 kap0k 1.0 2023-11-14T08:00:00 <p>Information published.</p> DHCP Server Service Denial of Service Vulnerability Windows DHCP Server Microsoft Yes CVE-2023-36392 Buffer Over-read 11571 11572 11923 11924 12244 10816 10855 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12244 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10816 10855 5032197 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 YanZiShuang@BigCJTeam of cyberkl 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Authentication Denial of Service Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N) but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability cannot access existing files (C:N) but can write or overwrite file contents (I:H), which potentially may cause the system to become unavailable (A:H).</p> Windows Authentication Methods Microsoft Yes CVE-2023-36046 Improper Link Resolution Before File Access ('Link Following') 11926 11927 12085 12086 12242 12243 12244 Denial of Service 11926 Denial of Service 11927 Denial of Service 12085 Denial of Service 12086 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Important 11926 Important 11927 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12242 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12243 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12244 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows Authentication Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Authentication Methods Microsoft Yes CVE-2023-36047 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Mitre: CVE-2023-24023 Bluetooth Vulnerability <p>Microsoft is aware of the Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) vulnerability. For more information regarding the vulnerability, please see <a href="https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/">this statement</a> from the Bluetooth SIG.</p> <p>To address the vulnerability, Microsoft has released a software update that enforces the use of BR/EDR Secure Connections defined encryption and authentication algorithms for Bluetooth pairings that have used BR/EDR Secure Connections. If a paired device used BR/EDR Secure Connection at some point, Windows will enforce all subsequent BR/EDR connections to use BR/EDR Secure Connections.</p> <p>As defined by the BR/EDR Secure Connections protocol, the new BR/EDR Secure Connections algorithms will only be used when the local system and the remote paired device both support BR/EDR Secure Connections. Connections between the local system and the remote paired device will remain vulnerable if either the local system or the remote paired device never declare support for BR/EDR Secure Connections during encryption or authentication..</p> <p>Additionally, it is advised to increase the minimum encryption key size as described in <a href="https://support.microsoft.com/en-us/topic/windows-guidance-for-bluetooth-key-length-enforcement-1b80c5b9-ddc1-31c7-1c3e-78e07c4fe877">Windows guidance for Bluetooth key length enforcement</a>. Increasing the minimum encryption key size does not require support for BR/EDR Secure Connections.</p> <p><strong>Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)?</strong></p> <p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24023">CVE-2023-24023</a> is regarding a vulnerability reported to the Bluetooth Special Interest Group (Bluetooth SIG). MITRE assigned this CVE number on behalf of the Bluetooth organization <a href="https://www.bluetooth.com/about-us/vision/">https://www.bluetooth.com/about-us/vision/</a>.</p> <p>For more information, please see this <a href="https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/">statement</a> from the Bluetooth SIG.</p> Microsoft Bluetooth Driver Mitre Yes CVE-2023-24023 Inadequate Encryption Strength 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Spoofing 11568 Spoofing 11569 Spoofing 11570 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11926 Spoofing 11927 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12242 Spoofing 12243 Spoofing 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 <a href="https://francozappa.github.io/">Daniele Antonioli</a> an assistant professor at <a href="https://www.eurecom.fr/">EURECOM</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> 1.1 2024-01-18T08:00:00 <p>The software update Microsoft released to address this vulnerability enforces the use of BR/EDR Secure Connections defined encryption and authentication algorithms for Bluetooth pairings that have used BR/EDR Secure Connections. For more information see the Executive Summary section. This is an informational change only.</p> Microsoft Exchange Server Spoofing Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by leveraging the known (Type 4) UnitySerializationHolder gadget through a deserialization of untrusted data. Exploitation of this vulnerability requires that a user gain LAN-access as well as obtain credentials for a valid Exchange user.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-36050 Deserialization of Untrusted Data 12038 12039 12191 Spoofing 12038 Spoofing 12039 Spoofing 12191 Important 12038 Important 12039 Important 12191 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12191 5032146 https://www.microsoft.com/download/details.aspx?familyid=1341ffc6-c9ca-49b0-a560-16c0e6a914cd 5030877 12038 Yes Security Update 15.02.1118.040 https://support.microsoft.com/help/5032146 12038 5032146 5032146 https://support.microsoft.com/help/5032146 12038 12191 5032147 https://www.microsoft.com/download/details.aspx?familyid=f15bf797-0ac3-4bff-9483-d8afeef5bdfc 5030877 12039 Yes Security Update 15.01.2507.035 https://support.microsoft.com/help/5032147 12039 5032147 5032147 https://support.microsoft.com/help/5032147 12039 5032146 https://www.microsoft.com/download/details.aspx?familyid=abd1dd17-c0c1-434f-8929-5f129956700d 5030877 12191 Yes Security Update 15.02.1258.028 https://support.microsoft.com/help/5032146 12191 5032146 <a href="https://twitter.com/thezdi">Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Exchange Server Spoofing Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could achieve exploitation by using a PowerShell remoting session to the server.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-36039 Deserialization of Untrusted Data 12039 12038 12191 Spoofing 12039 Spoofing 12038 Spoofing 12191 Important 12039 Important 12038 Important 12191 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12191 5032147 https://www.microsoft.com/download/details.aspx?familyid=f15bf797-0ac3-4bff-9483-d8afeef5bdfc 5030877 12039 Yes Security Update 15.01.2507.035 https://support.microsoft.com/help/5032147 12039 5032147 5032147 https://support.microsoft.com/help/5032147 12039 5032146 https://www.microsoft.com/download/details.aspx?familyid=1341ffc6-c9ca-49b0-a560-16c0e6a914cd 5030877 12038 Yes Security Update 15.02.1118.040 https://support.microsoft.com/help/5032146 12038 5032146 5032146 https://support.microsoft.com/help/5032146 12038 12191 5032146 https://www.microsoft.com/download/details.aspx?familyid=abd1dd17-c0c1-434f-8929-5f129956700d 5030877 12191 Yes Security Update 15.02.1258.028 https://support.microsoft.com/help/5032146 12191 5032146 Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> Microsoft Office Excel Microsoft Yes CVE-2023-36041 Use After Free 11573 11574 11762 11763 11951 11952 11953 10739 10740 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10739 Remote Code Execution 10740 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.79.23111019 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes 5002518 https://www.microsoft.com/download/details.aspx?familyid=008cec1e-d63f-44b1-86ca-28a8c884c6cd 10739 Maybe Security Update 16.0.5422.1000 https://support.microsoft.com/help/5002518 10739 5002518 5002518 https://www.microsoft.com/download/details.aspx?familyid=003f87de-8a7a-439d-905a-b534440265bb 10740 Maybe Security Update 16.0.5422.1000 https://support.microsoft.com/help/5002518 10740 5002518 Marcin "Icewall" Noga of <a href="https://www.talosintelligence.com/vulnerability_reports">Cisco Talos</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Visual Studio Denial of Service Vulnerability Visual Studio Microsoft Yes CVE-2023-36042 Heap-based Buffer Overflow 12187 12222 12079-11923 12079-11924 12079-11926 12079-11927 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 12079-12242 12079-12243 12079-12244 Denial of Service 12187 Denial of Service 12222 Denial of Service 12079-11923 Denial of Service 12079-11924 Denial of Service 12079-11926 Denial of Service 12079-11927 Denial of Service 12079-11929 Denial of Service 12079-11930 Denial of Service 12079-11931 Denial of Service 12079-12085 Denial of Service 12079-12086 Denial of Service 12079-12097 Denial of Service 12079-12098 Denial of Service 12079-12099 Denial of Service 12079-12242 Denial of Service 12079-12243 Denial of Service 12079-12244 Important 12187 Important 12222 Important 12079-11923 Important 12079-11924 Important 12079-11926 Important 12079-11927 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12079-12242 Important 12079-12243 Important 12079-12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12187 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12222 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11923 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11924 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11926 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11927 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11929 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11930 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11931 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12085 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12086 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12097 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12098 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12099 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12242 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12243 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12244 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.7 12222 Maybe Security Update 17.7.7 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12222 Release Notes 5034272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033922 12079-11923 12079-11924 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034272 12079-11923 12079-11924 5034272 5034276 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033919 12079-11926 12079-11927 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034276 12079-11926 12079-11927 5034276 5034274 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033918 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034274 12079-11929 12079-11930 12079-11931 5034274 5033920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033920 12079-12085 12079-12086 12079-12242 12079-12243 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5033920 12079-12085 12079-12086 12079-12242 12079-12243 5033920 5034275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033918 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034275 12079-12097 12079-12098 12079-12099 5034275 5033917 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033917 12079-12244 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5033917 12079-12244 5033917 Anonymous 1.0 2023-11-14T08:00:00 <p>Information published.</p> 2.0 2024-01-09T08:00:00 <p>In the Security Updates table, added .NET Framework 3.5 and 4.8.1 installed on all supported versions of the following: Windows 10 version 21H2, Windows 10 version 22H2, Windows Server 2022, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 23H2, and Windows Server Windows Server 2022, 23H2 Edition (Server Core installation) as .NET Framework 4.8.1 is affected by this vulnerability. Microsoft recommends that customers install the January 2024 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Microsoft Office Graphics Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Office Microsoft Yes CVE-2023-36045 Untrusted Pointer Dereference 11573 11574 11762 11763 11951 11952 11953 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.79.23111019 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes HAO LI of VenusTech ADLab Anonymous working with Trend Micro Zero Day Initiative 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Excel Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>Opening a malicious file could bypass the Microsoft Office Trust Center external links check. External links can include Dynamic Data Exchange (DDE) and/or references to other workbooks. See <a href="https://msrc-cases.corp.microsoft.com/main.aspx?app=d365default&amp;forceUCI=1&amp;pagetype=entityrecord&amp;etn=msrc_article&amp;id=369deee9-9d6e-ee11-9364-000d3afbc7d7">Block or unblock external content in Office documents - Microsoft Support</a> for descriptions of related Trust Center settings.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> Microsoft Office Excel Microsoft Yes CVE-2023-36037 11573 11574 11762 11763 11951 11952 11953 10739 10740 Security Feature Bypass 11573 Security Feature Bypass 11574 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 11951 Security Feature Bypass 11952 Security Feature Bypass 11953 Security Feature Bypass 10739 Security Feature Bypass 10740 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.79.23111019 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes 5002518 https://www.microsoft.com/download/details.aspx?familyid=008cec1e-d63f-44b1-86ca-28a8c884c6cd 10739 Maybe Security Update 16.0.5422.1000 https://support.microsoft.com/help/5002518 10739 5002518 5002518 https://www.microsoft.com/download/details.aspx?familyid=003f87de-8a7a-439d-905a-b534440265bb 10740 Maybe Security Update 16.0.5422.1000 https://support.microsoft.com/help/5002518 10740 5002518 Nathan Shomber of Microsoft 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Exchange Server Spoofing Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could achieve exploitation by using a PowerShell remoting session to the server.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-36035 Deserialization of Untrusted Data 12039 12038 12191 Spoofing 12039 Spoofing 12038 Spoofing 12191 Important 12039 Important 12038 Important 12191 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12191 5032147 https://www.microsoft.com/download/details.aspx?familyid=f15bf797-0ac3-4bff-9483-d8afeef5bdfc 5030877 12039 Yes Security Update 15.01.2507.035 https://support.microsoft.com/help/5032147 12039 5032147 5032147 https://support.microsoft.com/help/5032147 12039 5032146 https://www.microsoft.com/download/details.aspx?familyid=1341ffc6-c9ca-49b0-a560-16c0e6a914cd 5030877 12038 Yes Security Update 15.02.1118.040 https://support.microsoft.com/help/5032146 12038 5032146 5032146 https://support.microsoft.com/help/5032146 12038 12191 5032146 https://www.microsoft.com/download/details.aspx?familyid=abd1dd17-c0c1-434f-8929-5f129956700d 5030877 12191 Yes Security Update 15.02.1258.028 https://support.microsoft.com/help/5032146 12191 5032146 Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative Anna @little_pwner and @Voorivex Academy 1.0 2023-11-14T08:00:00 <p>Information published.</p> 1.1 2023-12-04T08:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.88</td> <td>11/02/2023</td> <td>118.0.5993.129</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36029 11815 Spoofing 11815 Moderate 11815 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:T/RC:C 11815 Release Notes 11815 No Security Update 118.0.2088.88 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11815 Release Notes <a href="https://www.linkedin.com/in/hafiizh-7aa6bb31/">Hafiizh</a> with https://www.linkedin.com/in/hafiizh-7aa6bb31/ 1.0 2023-11-02T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 Sales Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.</p> Microsoft Dynamics 365 Sales Microsoft Yes CVE-2023-36030 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 11664 Spoofing 11921 Spoofing 11664 Important 11921 Important 11664 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11921 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11664 5032297 https://www.microsoft.com/en-us/download/details.aspx?id=105717 11921 Maybe Security Update 9.1.23.10 https://support.microsoft.com/help/5032297 11921 5032297 5032298 https://www.microsoft.com/en-us/download/details.aspx?id=105716 11664 Maybe Security Update 9.0.51.06 https://support.microsoft.com/help/5032298 11664 5032298 <a href="https://www.linkedin.com/in/leecybersec/">NGO VAN TU (@tusnj)</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Dynamics Microsoft Yes CVE-2023-36031 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 Spoofing 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5032297 https://www.microsoft.com/en-us/download/details.aspx?id=105717 11921 Maybe Security Update 9.1.23.10 https://support.microsoft.com/help/5032297 11921 5032297 <a href="https://batr.am/">batram</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2023-36033 Untrusted Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11926 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11927 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12085 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12086 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12097 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12098 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12099 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12242 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12243 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12244 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 <a href="https://twitter.com/jq0904">Quan Jin(@jq0904)</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass certificate validation mechanisms and provide arbitrary certificates that do not have proper signatures.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), privilege required is low (PR:L) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?</strong></p> <p>A security feature bypass vulnerability exists when On-Prem Data Gateway does not perform certificate validation logic correctly and impacts the reliability of the backend infrastructure's workflow. An authenticated attacker with normal user privileges, via network connection or web request, could provide the workflow with an arbitrary untrusted certificate, with an arbitrary common name, which does not have proper signature.</p> Azure Microsoft Yes CVE-2023-36021 Improper Input Validation 12258 Security Feature Bypass 12258 Important 12258 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12258 Download Guidance https://www.microsoft.com/en-in/download/details.aspx?id=53127 12258 Maybe Security Update 3000.198.9 https://learn.microsoft.com/en-us/data-integration/gateway/service-gateway-update 12258 Download Guidance Stav Nir 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?</strong></p> <p>The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?</strong></p> <p>The attacker who successfully exploited the vulnerability could have limited ability to perform code execution.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.88</td> <td>11/02/2023</td> <td>118.0.5993.129</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36022 11655 12142 Remote Code Execution 11655 Remote Code Execution 12142 Moderate 11655 Moderate 12142 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C 11655 6.6 5.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C 12142 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12142 No Security Update 118.0.2088.88 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes HAO LI of VenusTech ADLab 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5480 Inappropriate implementation in Payments <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5480 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5482 Insufficient data validation in USB <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5482 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5849 Integer overflow in USB <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5849 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5850 Incorrect security UI in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5850 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5851 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5851 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5852 Use after free in Printing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5852 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5853 Incorrect security UI in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5853 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5854 Use after free in Profiles <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5854 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5855 Use after free in Reading Mode <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5855 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5856 Use after free in Side Panel <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5856 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5857 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5857 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5858 Inappropriate implementation in WebApp Provider <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5858 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5859 Incorrect security UI in Picture In Picture <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>119.0.2151.44</td> <td>11/02/2023</td> <td>119.0.6045.105/.106</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5859 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.44 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-02T07:00:00 <p>Information published.</p> Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network.</p> Windows Protected EAP (PEAP) Microsoft Yes CVE-2023-36028 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 <p>Microsoft Protected Extensible Authentication Protocol (PEAP) is only negotiated with the client if NPS is running on the Windows Server and has a network policy configured that allows PEAP. To stop using PEAP, customers should ensure that PEAP Type is not configured as an allowed EAP type in their network policy. To learn more, please see<a href="https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/wireless/e-wireless-access-deployment#bkmk_configureprofile"> Configure the New Wireless Network Policy</a> and <a href="https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-np-configure">Configure Network Policies</a></p> <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Windows SmartScreen Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The attacker would be able to bypass Windows Defender SmartScreen checks and their associated prompts.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file to be compromised by the attacker.</p> Windows SmartScreen Microsoft Yes CVE-2023-36025 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11570 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12242 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9312 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10287 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9318 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9344 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10049 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 Will Metcalf (Splunk), Microsoft Threat Intelligence, Microsoft Office Product Group Security Team 1.0 2023-11-14T08:00:00 <p>Information published.</p> 1.1 2023-11-22T08:00:00 <p>For informational accuracy, updated the Publicly Disclosed information.</p> Microsoft Windows Defender Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <table> <thead> <tr> <th>References</th> <th>Identification</th> </tr> </thead> <tbody> <tr> <td>Last version of the Windows Defender Antimalware Platform affected by this vulnerability</td> <td>Version 4.18.23070.1004</td> </tr> <tr> <td>First version of the Windows Defender Antimalware Platform with this vulnerability addressed</td> <td>Version 4.18.23100.2009</td> </tr> </tbody> </table> <p>See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.</p> <p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p> <p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p> <p><strong>Why is no action required to install this update?</strong></p> <p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Windows Defender Antimalware Platform. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p> <p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Windows Defender Antimalware Platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p> <p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Windows Defender Antimalware Platform updates and malware definitions, is working as expected in their environment.</p> <p><strong>How often are the Windows Defender Antimalware Platform and malware definitions updated?</strong></p> <p>Microsoft typically releases an update for the Windows Defender Antimalware Platform once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p> <p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for platform, engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p> <p><strong>What is the Windows Defender Antimalware Platform?</strong></p> <p>The Windows Defender Antimalware Platform is a collection of user-mode binaries (e.g. MsMpEng.exe) and kernel-mode drivers that run on top of Windows to keep devices protected against new and prevalent threats.</p> <p><strong>Windows Defender uses the Windows Defender Antimalware Platform. On which products is Defender installed and active by default?</strong></p> <p>Defender runs on all supported versions of Windows.</p> <p><strong>Are there other products that use the Windows Defender Antimalware Platform?</strong></p> <p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p> <p><strong>Does this update contain any additional security-related changes to functionality?</strong></p> <p>Yes.  In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p> <h2 id="suggested-actions">Suggested Actions</h2> <p><strong>Verify that the update is installed</strong></p> <p>Customers should verify that the latest version of the Microsoft Malware Protection Platform and definition updates are being actively downloaded and installed for their Microsoft antimalware products.</p> <ol> <li>Open the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.</li> <li>In the navigation pane, select Virus &amp; threat protection.</li> <li>Under Virus &amp; threat protection updates in the main window, select Check for updates.</li> <li>Select Check for updates again.</li> <li>In the navigation pane, select Settings, and then select About.</li> <li>Examine the Platform Version number. The update was successfully installed if the Malware Protection Platform version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.</li> </ol> Windows Defender Microsoft Yes CVE-2023-36422 Untrusted Search Path 11744 Elevation of Privilege 11744 Important 11744 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11744 Release Notes 11744 Maybe Security Update 4.18.23100.2009 https://www.microsoft.com/en-us/wdsi/defenderupdates 11744 Release Notes <a href="https://www.linkedin.com/in/sascha-meyer-7656201a8/">Sascha Meyer</a> with <a href="https://gai-netconsult.de/index.php">GAI NetConsult GmbH</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to already have admin or high privilege access to a security group within the tenant.</p> Microsoft Dynamics Microsoft Yes CVE-2023-36016 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11664 11921 Spoofing 11664 Spoofing 11921 Important 11664 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.2 5.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11664 6.2 5.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11921 5032298 https://www.microsoft.com/en-us/download/details.aspx?id=105716 11664 Maybe Security Update 9.0.51.06 https://support.microsoft.com/help/5032298 11664 5032298 5032297 https://www.microsoft.com/en-us/download/details.aspx?id=105717 11921 Maybe Security Update 9.1.23.10 https://support.microsoft.com/help/5032297 11921 5032297 <a href="https://www.linkedin.com/in/adrian-daniel-bacanu-4297734b/">Adrian-Daniel Bacanu</a> with <a href="https://razdon.com/">Razdon</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> Visual Studio Code Jupyter Extension Spoofing Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> Visual Studio Code Microsoft Yes CVE-2023-36018 Exposure of Private Personal Information to an Unauthorized Actor 12094 Spoofing 12094 Important 12094 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12094 Release Notes https://marketplace.visualstudio.com/items?itemName=ms-toolsai.jupyter 12094 Maybe Security Update 2023.10.1100000000 https://marketplace.visualstudio.com/items/ms-toolsai.jupyter/changelog 12094 Release Notes Ben Ta Panayiotis Gavriil 1.0 2023-11-14T08:00:00 <p>Information published.</p> 1.1 2024-01-18T08:00:00 <p>Added acknowledgements. This is an informational change only.</p> Chromium: CVE-2023-5996 Use after free in WebAudio <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.58</td> <td>11/09/2023</td> <td>119.0.6045.123/.124</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.102</td> <td>11/09/2023</td> <td>118.0.5993.136</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5996 12142 11655 12142 11655 12142 11655 Release Notes 12142 No Security Update 118.0.2088.102 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes Release Notes 11655 No Security Update 119.0.2151.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-09T22:35:37 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?</strong></p> <p>The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?</strong></p> <p>The attacker who successfully exploited the vulnerability could have limited ability to perform code execution.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.58</td> <td>11/09/2023</td> <td>119.0.6045.123/.124</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.102</td> <td>11/09/2023</td> <td>118.0.5993.136</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36014 11655 Remote Code Execution 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 119.0.2151.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes HAO LI of VenusTech ADLab 1.0 2023-11-09T08:00:00 <p>Information published.</p> PowerShell Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, cryptographic nonces, and other sensitive information.</p> Microsoft PowerShell Microsoft Yes CVE-2023-36013 Use of Hard-coded Credentials 11970 12131 12262 Information Disclosure 11970 Information Disclosure 12131 Information Disclosure 12262 Important 11970 Important 12131 Important 12262 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11970 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12131 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12262 Release Notes https://github.com/PowerShell/Announcements/issues/55 11970 Maybe Security Update 7.2.17 https://github.com/PowerShell/Announcements/issues/55 11970 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/55 12131 Maybe Security Update 7.3.10 https://github.com/PowerShell/Announcements/issues/55 12131 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/55 12262 Maybe Security Update 7.4.0 https://github.com/PowerShell/Announcements/issues/55 12262 Release Notes <a href="https://www.linkedin.com/in/alex-anders-3b351047/">Alex Anders</a> with <a href="https://www.microsoft.com/">Microsoft</a> <a href="https://www.linkedin.com/in/alex-anders-3b351047/">Alex Anders</a> with <a href="https://www.microsoft.com/">Microsoft</a> 1.0 2023-11-17T08:00:00 <p>Information published.</p> Chromium: CVE-2023-6348 Type Confusion in Spellcheck <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.97</td> <td>11/29/2023</td> <td>119.0.6045.199/.200</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.122</td> <td>11/29/2023</td> <td>118.0.5993.159</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-6348 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.97 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-29T18:18:13 <p>Information published.</p> Chromium: CVE-2023-6346 Use after free in WebAudio <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.97</td> <td>11/29/2023</td> <td>119.0.6045.199/.200</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.122</td> <td>11/29/2023</td> <td>118.0.5993.159</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-6346 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.97 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-29T18:18:10 <p>Information published.</p> Chromium: CVE-2023-6345 Integer overflow in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information. Google is aware that an exploit for CVE-2023-6345 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.97</td> <td>11/29/2023</td> <td>119.0.6045.199/.200</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.122</td> <td>11/29/2023</td> <td>118.0.5993.159</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-6345 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.97 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-29T18:18:06 <p>Information published.</p> Chromium: CVE-2023-6347 Use after free in Mojo <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.97</td> <td>11/29/2023</td> <td>119.0.6045.199/.200</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.122</td> <td>11/29/2023</td> <td>118.0.5993.159</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-6347 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.97 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-29T18:18:11 <p>Information published.</p> Chromium: CVE-2023-6351 Use after free in libavif <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.97</td> <td>11/29/2023</td> <td>119.0.6045.199/.200</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.122</td> <td>11/29/2023</td> <td>118.0.5993.159</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-6351 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.97 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-29T18:18:18 <p>Information published.</p> Chromium: CVE-2023-6350 Out of bounds memory access in libavif <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>119.0.2151.97</td> <td>11/29/2023</td> <td>119.0.6045.199/.200</td> </tr> <tr> <td>Extended Stable</td> <td>118.0.2088.122</td> <td>11/29/2023</td> <td>118.0.5993.159</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-6350 11655 11655 11655 Release Notes 11655 No Security Update 119.0.2151.97 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-11-29T18:18:16 <p>Information published.</p> Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> Microsoft Windows Speech Microsoft Yes CVE-2023-36719 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032304 11923 11924 No SecurityHotpatchUpdate 10.0.20348.2091 https://support.microsoft.com/help/5032304 11923 11924 5032304 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11929 11930 11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 11929 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11929 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12244 5032202 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 10729 10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 10729 10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 10852 10853 10816 10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 10852 10853 10816 10855 5032197 5032254 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032254 5031416 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22367 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032254 5032254 https://support.microsoft.com/help/5032254 9312 10287 9318 9344 5032248 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032248 9312 10287 9318 9344 Yes Security Only 6.0.6003.22367 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032248 5032248 https://support.microsoft.com/help/5032248 9312 10287 9318 9344 5032252 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032252 5031408 10051 10049 Yes Monthly Rollup 6.1.7601.26816 https://support.microsoft.com/help/5032252 10051 10049 5032252 5032252 https://support.microsoft.com/help/5032252 10051 10049 5032250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032250 10051 10049 Yes Security Only 6.1.7601.26816 https://support.microsoft.com/help/5032250 10051 10049 5032250 5032250 https://support.microsoft.com/help/5032250 10051 10049 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 10378 10379 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 10378 10379 5032247 5032249 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032249 5031419 10483 10543 Yes Monthly Rollup 6.3.9600.21668 https://support.microsoft.com/help/5032249 10483 10543 5032249 Marco Bartoli with Microsoft Giulio Candreva with Microsoft 1.0 2023-11-14T08:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-5345 https://nvd.nist.gov/vuln/detail/CVE-2023-5345 https://nvd.nist.gov/vuln/detail/CVE-2023-5345 https://nvd.nist.gov/vuln/detail/CVE-2023-5345 Mariner security@google.com Yes CVE-2023-5345 12139 12140 12139 12140 12139 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 hyperv-daemons 12139 hyperv-daemons-5.15.135.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.135.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.135.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.135.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.135.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.135.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.135.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.135.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5345 12139 hyperv-daemons kernel 12139 kernel-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.135.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-5345 12139 kernel hyperv-daemons 12140 hyperv-daemons-5.15.135.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.135.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.135.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.135.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.135.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.135.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.135.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.135.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5345 12140 hyperv-daemons kernel 12140 kernel-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.135.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-5345 12140 kernel 1.0 2023-10-11T00:00:00 <p>Information published.</p> 1.1 2023-11-01T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2023-34059 https://nvd.nist.gov/vuln/detail/CVE-2023-34059 Mariner security@vmware.com Yes CVE-2023-34059 12139 12140 12139 12140 12139 12140 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 open-vm-tools 12139 open-vm-tools-11.3.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 open-vm-tools-sdmp-11.3.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 open-vm-tools-devel-11.3.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 open-vm-tools-test-11.3.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 open-vm-tools-debuginfo-11.3.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 11.3.0-3 https://nvd.nist.gov/vuln/detail/CVE-2023-34059 12139 open-vm-tools open-vm-tools 12140 CBL-Mariner 11.3.0-3 https://nvd.nist.gov/vuln/detail/CVE-2023-34059 12140 open-vm-tools 1.0 2023-11-01T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-46316 https://nvd.nist.gov/vuln/detail/CVE-2023-46316 Mariner cve@mitre.org Yes CVE-2023-46316 12139 12140 12139 12140 12139 12140 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 traceroute 12139 traceroute-2.1.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 traceroute-debuginfo-2.1.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.1.3-1 https://nvd.nist.gov/vuln/detail/CVE-2023-46316 12139 traceroute traceroute 12140 traceroute-2.1.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 traceroute-debuginfo-2.1.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.1.3-1 https://nvd.nist.gov/vuln/detail/CVE-2023-46316 12140 traceroute 1.0 2023-11-02T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-14343 https://nvd.nist.gov/vuln/detail/CVE-2020-14343 Mariner secalert@redhat.com Yes CVE-2020-14343 12139 12140 12139 12140 12139 12140 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 PyYAML 12139 PyYAML-5.4.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 PyYAML-debuginfo-5.4.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.4.1-1 https://nvd.nist.gov/vuln/detail/CVE-2020-14343 12139 PyYAML PyYAML 12140 PyYAML-5.4.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 PyYAML-debuginfo-5.4.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.4.1-1 https://nvd.nist.gov/vuln/detail/CVE-2020-14343 12140 PyYAML 1.0 2023-11-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-1747 https://nvd.nist.gov/vuln/detail/CVE-2020-1747 Mariner Red Hat Yes CVE-2020-1747 12139 12140 12139 12140 12139 12140 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 PyYAML 12139 PyYAML-5.4.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 PyYAML-debuginfo-5.4.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.4.1-1 https://nvd.nist.gov/vuln/detail/CVE-2020-1747 12139 PyYAML PyYAML 12140 PyYAML-5.4.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 PyYAML-debuginfo-5.4.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.4.1-1 https://nvd.nist.gov/vuln/detail/CVE-2020-1747 12140 PyYAML 1.0 2023-11-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-5717 https://nvd.nist.gov/vuln/detail/CVE-2023-5717 https://nvd.nist.gov/vuln/detail/CVE-2023-5717 https://nvd.nist.gov/vuln/detail/CVE-2023-5717 Mariner security@google.com Yes CVE-2023-5717 12139 12140 12139 12140 12139 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 hyperv-daemons 12139 hyperv-daemons-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.137.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.137.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.137.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5717 12139 hyperv-daemons kernel 12139 kernel-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.137.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.137.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5717 12139 kernel hyperv-daemons 12140 hyperv-daemons-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.137.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.137.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.137.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5717 12140 hyperv-daemons kernel 12140 kernel-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.137.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.137.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5717 12140 kernel 1.0 2023-11-04T00:00:00 <p>Information published.</p> 1.1 2023-11-08T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2022-28948 https://nvd.nist.gov/vuln/detail/CVE-2022-28948 Mariner cve@mitre.org Yes CVE-2022-28948 12139 12140 12139 12140 12139 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 kured 12139 kured-1.13.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kured-k8s-yaml-1.13.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 1.13.2-1 https://nvd.nist.gov/vuln/detail/CVE-2022-28948 12139 kured kured 12140 kured-1.13.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kured-k8s-yaml-1.13.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 1.13.2-1 https://nvd.nist.gov/vuln/detail/CVE-2022-28948 12140 kured 1.0 2023-11-08T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://nvd.nist.gov/vuln/detail/CVE-2022-27664 Mariner cve@mitre.org Yes CVE-2022-27664 12139 12140 12139 12140 12139 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 golang 12139 golang-1.21.6-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.21.6-1 https://nvd.nist.gov/vuln/detail/CVE-2022-27664 12139 golang kured 12139 kured-1.13.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kured-k8s-yaml-1.13.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 1.13.2-1 https://nvd.nist.gov/vuln/detail/CVE-2022-27664 12139 kured golang 12140 golang-1.21.6-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.21.6-1 https://nvd.nist.gov/vuln/detail/CVE-2022-27664 12140 golang kured 12140 kured-1.13.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kured-k8s-yaml-1.13.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 1.13.2-1 https://nvd.nist.gov/vuln/detail/CVE-2022-27664 12140 kured 1.0 2023-11-08T00:00:00 <p>Information published.</p> 1.1 2022-09-09T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-25891 https://nvd.nist.gov/vuln/detail/CVE-2022-25891 Mariner report@snyk.io Yes CVE-2022-25891 12139 12140 12139 12140 12139 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 kured 12139 kured-1.13.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kured-k8s-yaml-1.13.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 1.13.2-1 https://nvd.nist.gov/vuln/detail/CVE-2022-25891 12139 kured kured 12140 kured-1.13.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kured-k8s-yaml-1.13.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 1.13.2-1 https://nvd.nist.gov/vuln/detail/CVE-2022-25891 12140 kured 1.0 2023-11-08T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-5633 https://nvd.nist.gov/vuln/detail/CVE-2023-5633 Mariner secalert@redhat.com Yes CVE-2023-5633 12139 12140 12139 12140 12139 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12139 kernel-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.153.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5633 12139 kernel kernel 12140 kernel-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.153.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5633 12140 kernel 1.0 2023-11-03T00:00:00 <p>Information published.</p> ASP.NET Core Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An unauthenticated attacker could bypass validations on Blazor Server forms.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability to save an invalid state to a database or trigger other unintended actions, depending on what functionality the form provides.</p> ASP.NET Core Microsoft Yes CVE-2023-36558 12009 11968 12130 12051 12260 12129 12187 12222 12233 12256 Security Feature Bypass 12009 Security Feature Bypass 11968 Security Feature Bypass 12130 Security Feature Bypass 12051 Security Feature Bypass 12260 Security Feature Bypass 12129 Security Feature Bypass 12187 Security Feature Bypass 12222 Security Feature Bypass 12233 Security Feature Bypass 12256 Important 12009 Important 11968 Important 12130 Important 12051 Important 12260 Important 12129 Important 12187 Important 12222 Important 12233 Important 12256 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.2 5.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12009 6.2 5.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11968 6.2 5.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12130 6.2 5.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12051 6.2 5.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12260 6.2 5.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12129 6.2 5.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12187 6.2 5.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12222 6.2 5.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12233 6.2 5.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12256 5032883 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.25 https://support.microsoft.com/help/5032883 12009 5032883 Release Notes https://dotnet.microsoft.com/download/dotnet/6.0 11968 Maybe Security Update 6.0.25 https://github.com/dotnet/announcements/issues/288 11968 Release Notes 5032884 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.14 https://support.microsoft.com/help/5032884 12130 5032884 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.0 https://github.com/dotnet/announcements/issues/288 12260 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.14 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.7 12222 Maybe Security Update 17.7.7 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12222 Release Notes Release Notes https://dotnet.microsoft.com/download/dotnet/7.0 12233 Maybe Security Update 7.0.14 https://github.com/dotnet/announcements/issues/288 12233 Release Notes Release Notes https://dotnet.microsoft.com/download/dotnet/8.0 12256 Maybe Security Update 8.0.0 https://github.com/dotnet/announcements/issues/TBD 12256 Release Notes 1.2 2024-02-13T08:00:00 <p>Corrected Article links in the Security Updates table. This is an informational change only.</p> 1.0 2023-11-14T08:00:00 <p>Information published.</p> 1.1 2023-11-28T08:00:00 <p>Updated acknowledgment. This is an informational change only.</p> .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability an attacker would have to inject arbitrary commands to the FTP server.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability would be access controls on the server, allowing for read or write abilities.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> .NET Framework Microsoft Yes CVE-2023-36049 Improper Input Validation 12051 12129 12222 12187 12260 12009 12130 12079-12243 12079-12244 12079-12242 11650-10852 11650-10853 11650-10816 11650-10855 11650-10051 11650-10049 11650-10378 11650-10379 11650-10483 11650-10543 11676-11568 11676-11569 11676-11571 11676-11572 11676-11923 11676-11924 11676-11926 11676-11927 11676-11929 11676-11930 11676-11931 11676-12097 11676-12098 11676-12099 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 11723-10852 11723-10853 11723-10816 11723-10855 11863-10051 11863-10049 11863-10378 11863-10379 11863-10483 11863-10543 12079-11923 12079-11924 12079-11926 12079-11927 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 12115-9312 12115-10287 12115-9318 12115-9344 12135-10729 12135-10735 9292-9312 9292-9318 9195-9312 9195-9318 2472-10378 2472-10379 2472-10483 2472-10543 9495-10051 9495-10049 Elevation of Privilege 12051 Elevation of Privilege 12129 Elevation of Privilege 12222 Elevation of Privilege 12187 Elevation of Privilege 12260 Elevation of Privilege 12009 Elevation of Privilege 12130 Elevation of Privilege 12079-12243 Elevation of Privilege 12079-12244 Elevation of Privilege 12079-12242 Elevation of Privilege 11650-10852 Elevation of Privilege 11650-10853 Elevation of Privilege 11650-10816 Elevation of Privilege 11650-10855 Elevation of Privilege 11650-10051 Elevation of Privilege 11650-10049 Elevation of Privilege 11650-10378 Elevation of Privilege 11650-10379 Elevation of Privilege 11650-10483 Elevation of Privilege 11650-10543 Elevation of Privilege 11676-11568 Elevation of Privilege 11676-11569 Elevation of Privilege 11676-11571 Elevation of Privilege 11676-11572 Elevation of Privilege 11676-11923 Elevation of Privilege 11676-11924 Elevation of Privilege 11676-11926 Elevation of Privilege 11676-11927 Elevation of Privilege 11676-11929 Elevation of Privilege 11676-11930 Elevation of Privilege 11676-11931 Elevation of Privilege 11676-12097 Elevation of Privilege 11676-12098 Elevation of Privilege 11676-12099 Elevation of Privilege 11677-11568 Elevation of Privilege 11677-11569 Elevation of Privilege 11677-11570 Elevation of Privilege 11677-11571 Elevation of Privilege 11677-11572 Elevation of Privilege 11723-10852 Elevation of Privilege 11723-10853 Elevation of Privilege 11723-10816 Elevation of Privilege 11723-10855 Elevation of Privilege 11863-10051 Elevation of Privilege 11863-10049 Elevation of Privilege 11863-10378 Elevation of Privilege 11863-10379 Elevation of Privilege 11863-10483 Elevation of Privilege 11863-10543 Elevation of Privilege 12079-11923 Elevation of Privilege 12079-11924 Elevation of Privilege 12079-11926 Elevation of Privilege 12079-11927 Elevation of Privilege 12079-11929 Elevation of Privilege 12079-11930 Elevation of Privilege 12079-11931 Elevation of Privilege 12079-12085 Elevation of Privilege 12079-12086 Elevation of Privilege 12079-12097 Elevation of Privilege 12079-12098 Elevation of Privilege 12079-12099 Elevation of Privilege 12115-9312 Elevation of Privilege 12115-10287 Elevation of Privilege 12115-9318 Elevation of Privilege 12115-9344 Elevation of Privilege 12135-10729 Elevation of Privilege 12135-10735 Elevation of Privilege 9292-9312 Elevation of Privilege 9292-9318 Elevation of Privilege 9195-9312 Elevation of Privilege 9195-9318 Elevation of Privilege 2472-10378 Elevation of Privilege 2472-10379 Elevation of Privilege 2472-10483 Elevation of Privilege 2472-10543 Elevation of Privilege 9495-10051 Elevation of Privilege 9495-10049 Important 12051 Important 12129 Important 12222 Important 12187 Important 12260 Important 12009 Important 12130 Important 12079-12243 Important 12079-12244 Important 12079-12242 Important 11650-10852 Important 11650-10853 Important 11650-10816 Important 11650-10855 Important 11650-10051 Important 11650-10049 Important 11650-10378 Important 11650-10379 Important 11650-10483 Important 11650-10543 Important 11676-11568 Important 11676-11569 Important 11676-11571 Important 11676-11572 Important 11676-11923 Important 11676-11924 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-11930 Important 11676-11931 Important 11676-12097 Important 11676-12098 Important 11676-12099 Important 11677-11568 Important 11677-11569 Important 11677-11570 Important 11677-11571 Important 11677-11572 Important 11723-10852 Important 11723-10853 Important 11723-10816 Important 11723-10855 Important 11863-10051 Important 11863-10049 Important 11863-10378 Important 11863-10379 Important 11863-10483 Important 11863-10543 Important 12079-11923 Important 12079-11924 Important 12079-11926 Important 12079-11927 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12115-9312 Important 12115-10287 Important 12115-9318 Important 12115-9344 Important 12135-10729 Important 12135-10735 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10051 Important 9495-10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12051 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12129 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12222 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12187 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12260 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12009 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12130 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-12243 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-12244 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-12242 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11650-10852 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11650-10853 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11650-10816 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11650-10855 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11650-10051 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11650-10049 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11650-10378 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11650-10379 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11650-10483 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11650-10543 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-11568 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-11569 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-11571 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-11572 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-11923 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-11924 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-11926 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-11927 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-11929 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-11930 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-11931 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-12097 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-12098 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11676-12099 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11677-11568 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11677-11569 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11677-11570 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11677-11571 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11677-11572 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11723-10852 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11723-10853 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11723-10816 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11723-10855 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11863-10051 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11863-10049 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11863-10378 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11863-10379 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11863-10483 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 11863-10543 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-11923 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-11924 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-11926 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-11927 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-11929 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-11930 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-11931 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-12085 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-12086 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-12097 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-12098 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12079-12099 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12115-9312 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12115-10287 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12115-9318 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12115-9344 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12135-10729 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 12135-10735 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 9292-9312 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 9292-9318 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 9195-9312 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 9195-9318 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 2472-10378 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 2472-10379 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 2472-10483 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 2472-10543 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 9495-10051 7.6 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C 9495-10049 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.14 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.7 12222 Maybe Security Update 17.7.7 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12222 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.0 https://github.com/dotnet/announcements/issues/287 12260 Release Notes 5032883 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.25 https://support.microsoft.com/help/5032883 12009 5032883 5032884 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.14 https://support.microsoft.com/help/5032884 12130 5032884 5032007 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032007 12079-12243 12079-12242 12079-12085 12079-12086 Maybe Security Update 4.8.9206.0 https://support.microsoft.com/help/5032007 12079-12243 12079-12242 12079-12085 12079-12086 5032007 5032004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032004 12079-12244 Maybe Security Update 4.8.9206.0 https://support.microsoft.com/help/5032004 12079-12244 5032004 5031989 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031989 11650-10852 11650-10853 11650-10816 11650-10855 Maybe Security Update 4.8.4682.0 https://support.microsoft.com/help/5031989 11650-10852 11650-10853 11650-10816 11650-10855 5031989 5032341 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031995 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.9206.0 https://support.microsoft.com/help/5032341 11650-10051 11650-10049 5032341 5032185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032010 11650-10051 11650-10049 Maybe Security Only 4.8.9206.0 https://support.microsoft.com/help/5032185 11650-10051 11650-10049 5032185 5032342 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031992 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.4682.0 https://support.microsoft.com/help/5032342 11650-10378 11650-10379 5032342 5032343 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031994 11650-10483 11650-10543 Maybe Monthly Rollup 4.8.4682.0 https://support.microsoft.com/help/5032343 11650-10483 11650-10543 5032343 5032337 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031990 11676-11568 11676-11569 11676-11571 11676-11572 Maybe Security Update 4.8.4682.0 https://support.microsoft.com/help/5032337 11676-11568 11676-11569 11676-11571 11676-11572 5032337 5032336 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031993 11676-11923 11676-11924 Maybe Security Update 4.8.4682.0 https://support.microsoft.com/help/5032336 11676-11923 11676-11924 5032336 5032340 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031991 11676-11926 11676-11927 Maybe Security Update 4.8.4682.0 https://support.microsoft.com/help/5032340 11676-11926 11676-11927 5032340 5032338 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031988 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.4682.0 https://support.microsoft.com/help/5032338 11676-11929 11676-11930 11676-11931 5032338 5032339 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031988 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.4682.0 https://support.microsoft.com/help/5032339 11676-12097 11676-12098 11676-12099 5032339 5032337 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031984 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 Maybe Security Update 4.7.4076.0 https://support.microsoft.com/help/5032337 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 5032337 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 11723-10852 11723-10853 11723-10816 11723-10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 11723-10852 11723-10853 11723-10816 11723-10855 5032197 5032341 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031987 11863-10051 11863-10049 Maybe Monthly Rollup 4.7.4076.0 https://support.microsoft.com/help/5032341 11863-10051 11863-10049 5032341 5032185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032009 11863-10051 11863-10049 Maybe Security Only 4.7.4076.0 https://support.microsoft.com/help/5032185 11863-10051 11863-10049 5032185 5032342 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031985 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.4076.0 https://support.microsoft.com/help/5032342 11863-10378 11863-10379 5032342 5032343 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031986 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.4076.0 https://support.microsoft.com/help/5032343 11863-10483 11863-10543 5032343 5032336 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032008 12079-11923 12079-11924 Maybe Security Update 4.8.9206.0 https://support.microsoft.com/help/5032336 12079-11923 12079-11924 5032336 5032340 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032006 12079-11926 12079-11927 Maybe Security Update 4.8.9206.0 https://support.microsoft.com/help/5032340 12079-11926 12079-11927 5032340 5032338 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032005 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.9206.0 https://support.microsoft.com/help/5032338 12079-11929 12079-11930 12079-11931 5032338 5032339 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032005 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.9206.0 https://support.microsoft.com/help/5032339 12079-12097 12079-12098 12079-12099 5032339 5032344 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031987 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.4076.0 https://support.microsoft.com/help/5032344 12115-9312 12115-10287 12115-9318 12115-9344 5032344 5032186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032009 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Security Only 4.7.4076.0 https://support.microsoft.com/help/5032186 12115-9312 12115-10287 12115-9318 12115-9344 5032186 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 12135-10729 12135-10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 12135-10729 12135-10735 5032199 5032344 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031999 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Monthly Rollup 3.0.50727.8975 https://support.microsoft.com/help/5032344 9292-9312 9292-9318 9195-9312 9195-9318 5032344 5032186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032011 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Security Only 3.0.50727.8975 https://support.microsoft.com/help/5032186 9292-9312 9292-9318 9195-9312 9195-9318 5032186 5032342 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031998 2472-10378 2472-10379 Maybe Monthly Rollup 3.0.50727.8975 https://support.microsoft.com/help/5032342 2472-10378 2472-10379 5032342 5032343 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032001 2472-10483 2472-10543 Maybe Monthly Rollup 3.0.50727.8975 https://support.microsoft.com/help/5032343 2472-10483 2472-10543 5032343 5032341 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032000 9495-10051 9495-10049 Maybe Monthly Rollup 3.0.50727.8975 https://support.microsoft.com/help/5032341 9495-10051 9495-10049 5032341 5032185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032012 9495-10051 9495-10049 Maybe Security Only 3.0.50727.8975 https://support.microsoft.com/help/5032185 9495-10051 9495-10049 5032185 <a href="https://twitter.com/thezdi">Anonymous</a> with <a href="https://www.zerodayinitiative.com/">Trend Micro</a> Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative <a href="https://twitter.com/thezdi">Anonymous</a> with <a href="https://www.zerodayinitiative.com/">Trend Micro</a> 1.0 2023-11-14T08:00:00 <p>Information published.</p> 2.0 2023-11-16T08:00:00 <p>Revised the Security Updates table to include PowerShell 7.2, PowerShell 7.3, and PowerShell 7.4 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/54">https://github.com/PowerShell/Announcements/issues/54</a> for more information.</p> 2.1 2023-11-17T08:00:00 <p>Updated the build numbers. This is an informational update only.</p> 2.2 2024-01-26T08:00:00 <p>Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.</p> ASP.NET Core Denial of Service Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability could be exploited if http requests to .NET 8 RC 1 running on IIS InProcess hosting model are cancelled. Threads counts would increase and an OutOfMemoryException is possible.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to a total loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>If an attacker was able to successfully exploit the vulnerability the attack might result in a total loss of availability.</p> ASP.NET Core Microsoft Yes CVE-2023-36038 Uncontrolled Resource Consumption 12256 12051 12129 12187 12222 12260 Denial of Service 12256 Denial of Service 12051 Denial of Service 12129 Denial of Service 12187 Denial of Service 12222 Denial of Service 12260 Important 12256 Important 12051 Important 12129 Important 12187 Important 12222 Important 12260 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 12256 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 12051 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 12129 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 12187 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 12222 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 12260 Release Notes https://dotnet.microsoft.com/download/dotnet/8.0 12256 Maybe Security Update 8.0.0 https://github.com/dotnet/announcements/issues/52043 12256 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.22 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.14 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.7 12222 Maybe Security Update 17.7.7 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12222 Release Notes Release Notes https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.0 https://github.com/dotnet/announcements/issues/286 12260 Release Notes Barry Dorans 1.0 2023-11-14T08:00:00 <p>Information published.</p> 1.1 2025-10-08T07:00:00 <p>Corrected Article links in the Security Updates table. This is an informational change only.</p>