October 2023 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2023-Oct 2023-Oct Final 1.0 109 2026-02-20T23:15:38 October 2023 Security Updates 2023-10-10T07:00:00 2026-02-20T23:15:38 <h2 id="this-release-consists-of-the-following-103-microsoft-cves">This release consists of the following 103 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Windows RDP</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29348">CVE-2023-29348</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35349">CVE-2023-35349</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Azure SDK</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36414">CVE-2023-36414</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:W/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure SDK</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36415">CVE-2023-36415</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36416">CVE-2023-36416</a></td> <td>6.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36417">CVE-2023-36417</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Real Time Operating System</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36418">CVE-2023-36418</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36419">CVE-2023-36419</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36420">CVE-2023-36420</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36429">CVE-2023-36429</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36431">CVE-2023-36431</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36433">CVE-2023-36433</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows IIS</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36434">CVE-2023-36434</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft QUIC</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36435">CVE-2023-36435</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows HTML Platform</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36436">CVE-2023-36436</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36438">CVE-2023-36438</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows HTML Platform</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36557">CVE-2023-36557</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure DevOps</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36561">CVE-2023-36561</a></td> <td>7.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WordPad</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36563">CVE-2023-36563</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Search Component</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36564">CVE-2023-36564</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36565">CVE-2023-36565</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Common Data Model SDK</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36566">CVE-2023-36566</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Deployment Services</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36567">CVE-2023-36567</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36568">CVE-2023-36568</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36569">CVE-2023-36569</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36570">CVE-2023-36570</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36571">CVE-2023-36571</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36572">CVE-2023-36572</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36573">CVE-2023-36573</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36574">CVE-2023-36574</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36575">CVE-2023-36575</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36576">CVE-2023-36576</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36577">CVE-2023-36577</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36578">CVE-2023-36578</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36579">CVE-2023-36579</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36581">CVE-2023-36581</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36582">CVE-2023-36582</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36583">CVE-2023-36583</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Mark of the Web (MOTW)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36584">CVE-2023-36584</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Active Template Library</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36585">CVE-2023-36585</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36589">CVE-2023-36589</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36590">CVE-2023-36590</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36591">CVE-2023-36591</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36592">CVE-2023-36592</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36593">CVE-2023-36593</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36594">CVE-2023-36594</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36596">CVE-2023-36596</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36598">CVE-2023-36598</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36602">CVE-2023-36602</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36603">CVE-2023-36603</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Named Pipe File System</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36605">CVE-2023-36605</a></td> <td>7.4</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36606">CVE-2023-36606</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36697">CVE-2023-36697</a></td> <td>6.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36698">CVE-2023-36698</a></td> <td>3.6</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Resilient File System (ReFS)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36701">CVE-2023-36701</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Microsoft DirectMusic</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36702">CVE-2023-36702</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DHCP Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36703">CVE-2023-36703</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Setup Files Cleanup</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36704">CVE-2023-36704</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Deployment Services</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36706">CVE-2023-36706</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Deployment Services</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36707">CVE-2023-36707</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows AllJoyn API</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36709">CVE-2023-36709</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Media Foundation</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36710">CVE-2023-36710</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Runtime C++ Template Library</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36711">CVE-2023-36711</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36712">CVE-2023-36712</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Common Log File System Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36713">CVE-2023-36713</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TPM</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36717">CVE-2023-36717</a></td> <td>6.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Virtual Trusted Platform Module</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36718">CVE-2023-36718</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Mixed Reality Developer Tools</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36720">CVE-2023-36720</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Error Reporting</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36721">CVE-2023-36721</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Active Directory Domain Services</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36722">CVE-2023-36722</a></td> <td>4.4</td> <td>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Container Manager Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36723">CVE-2023-36723</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Power Management Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36724">CVE-2023-36724</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NT OS Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36725">CVE-2023-36725</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows IKE Extension</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36726">CVE-2023-36726</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36728">CVE-2023-36728</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Named Pipe File System</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36729">CVE-2023-36729</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36730">CVE-2023-36730</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Win32K</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36731">CVE-2023-36731</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36732">CVE-2023-36732</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36737">CVE-2023-36737</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36743">CVE-2023-36743</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36776">CVE-2023-36776</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36778">CVE-2023-36778</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Skype for Business</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36780">CVE-2023-36780</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36785">CVE-2023-36785</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Skype for Business</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36786">CVE-2023-36786</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Skype for Business</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36789">CVE-2023-36789</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows RDP</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36790">CVE-2023-36790</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Client/Server Runtime Subsystem</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36902">CVE-2023-36902</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38159">CVE-2023-38159</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer 2 Tunneling Protocol</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38166">CVE-2023-38166</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft QUIC</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38171">CVE-2023-38171</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Skype for Business</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41763">CVE-2023-41763</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer 2 Tunneling Protocol</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41765">CVE-2023-41765</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Client Server Run-time Subsystem (CSRSS)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41766">CVE-2023-41766</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer 2 Tunneling Protocol</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41767">CVE-2023-41767</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer 2 Tunneling Protocol</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41768">CVE-2023-41768</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer 2 Tunneling Protocol</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41769">CVE-2023-41769</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer 2 Tunneling Protocol</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41770">CVE-2023-41770</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer 2 Tunneling Protocol</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41771">CVE-2023-41771</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41772">CVE-2023-41772</a></td> <td></td> <td></td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer 2 Tunneling Protocol</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41773">CVE-2023-41773</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer 2 Tunneling Protocol</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41774">CVE-2023-41774</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-2-non-microsoft-cves">We are republishing 2 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>MITRE Corporation</td> <td>HTTP/2</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-44487">CVE-2023-44487</a></td> <td>No</td> <td><strong>Yes</strong></td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5346">CVE-2023-5346</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>October 12, 2022</td> <td><a href="https://msrc.microsoft.com/blog/2022/10/14921/">Improvements in Security Update Notifications Delivery - And a New Delivery Method</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://msrc.microsoft.com/blog/2022/01/coming-soon-new-security-update-guide-notification-system/">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="http://support.microsoft.com/kb/5031364">5031364</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="http://support.microsoft.com/kb/5031408">5031408</a></td> <td>Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="http://support.microsoft.com/kb/5031411">5031411</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="http://support.microsoft.com/kb/5031416">5031416</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="http://support.microsoft.com/kb/5031441">5031441</a></td> <td>Windows Server 2008 R2 (Security-only update)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Visual Studio 2022 version 17.2 Microsoft Visual Studio 2022 version 17.4 Microsoft Visual Studio 2022 version 17.6 Microsoft Visual Studio 2022 version 17.7 .NET 7.0 PowerShell 7.3 Azure DevOps Server 2020.0.2 Azure DevOps Server 2020.1.2 .NET 6.0 ASP.NET Core 6.0 ASP.NET Core 7.0 Azure Network Watcher VM Extension Azure DevOps Server 2022.0.1 Azure HDInsight Azure Identity SDK for Java Azure Identity SDK for Python Azure Identity SDK for .NET Azure Identity SDK for JavaScript Azure RTOS GUIX Studio Azure RTOS GUIX Studio Installer Application Skype for Business Server 2015 CU13 Skype for Business Server 2019 CU7 Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office 2019 for Mac Microsoft Office LTSC for Mac 2021 Microsoft Office for Android Microsoft Office for Universal Microsoft SQL Server 2019 for x64-based Systems (GDR) Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft ODBC Driver 17 for SQL Server on Windows Microsoft ODBC Driver 17 for SQL Server on Linux Microsoft ODBC Driver 17 for SQL Server on MacOS Microsoft ODBC Driver 18 for SQL Server on Windows Microsoft ODBC Driver 18 for SQL Server on Linux Microsoft ODBC Driver 18 for SQL Server on MacOS Microsoft SQL Server 2022 for x64-based Systems (CU 8) Microsoft SQL Server 2019 for x64-based Systems (CU 22) Microsoft SQL Server 2017 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft OLE DB Driver 19 for SQL Server Microsoft OLE DB Driver 18 for SQL Server Microsoft Dynamics 365 (on-premises) version 9.0 Microsoft Dynamics 365 (on-premises) version 9.1 Microsoft Common Data Model SDK for Java Microsoft Common Data Model SDK for TypeScript Microsoft Common Data Model SDK for Python Microsoft Common Data Model SDK for C# Microsoft Edge (Chromium-based) CBL Mariner 2.0 ARM CBL Mariner 2.0 x64 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SQL Server 2017 for x64-based Systems (GDR) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Edge (Chromium-based) Microsoft Dynamics 365 (on-premises) version 9.0 Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft SQL Server 2019 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4) Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions ASP.NET Core 6.0 Azure HDInsight .NET 6.0 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Microsoft Visual Studio 2022 version 17.2 Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Azure RTOS GUIX Studio Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Azure Network Watcher VM Extension Microsoft Visual Studio 2022 version 17.4 .NET 7.0 PowerShell 7.3 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Azure DevOps Server 2020.1.2 Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft Office for Android Microsoft Office for Universal Microsoft OLE DB Driver 19 for SQL Server Microsoft OLE DB Driver 18 for SQL Server Microsoft Visual Studio 2022 version 17.6 Azure DevOps Server 2022.0.1 Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft ODBC Driver 17 for SQL Server on Windows Microsoft ODBC Driver 17 for SQL Server on Linux Microsoft ODBC Driver 17 for SQL Server on MacOS Microsoft ODBC Driver 18 for SQL Server on Windows Microsoft ODBC Driver 18 for SQL Server on Linux Microsoft ODBC Driver 18 for SQL Server on MacOS Azure DevOps Server 2020.0.2 Microsoft Visual Studio 2022 version 17.7 Skype for Business Server 2019 CU7 Skype for Business Server 2015 CU13 Microsoft SQL Server 2022 for x64-based Systems (CU 8) Microsoft SQL Server 2019 for x64-based Systems (CU 22) Azure RTOS GUIX Studio Installer Application ASP.NET Core 7.0 Azure Identity SDK for JavaScript Azure Identity SDK for .NET Azure Identity SDK for Java Azure Identity SDK for Python Microsoft Common Data Model SDK for C# Microsoft Common Data Model SDK for Java Microsoft Common Data Model SDK for TypeScript Microsoft Common Data Model SDK for Python Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Azure Linux 3.0 x64 Azure Linux 3.0 ARM cbl2 kernel 5.15.153.1-1 on CBL Mariner 2.0 cbl2 cloud-hypervisor-cvm 38.0.72.2-1 on CBL Mariner 2.0 azl3 cloud-hypervisor-cvm 38.0.72.2-1 on Azure Linux 3.0 cbl2 python-virtualenv 20.26.6-1 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-5 on CBL Mariner 2.0 cbl2 reaper 3.1.1-9 on CBL Mariner 2.0 cbl2 golang 1.21.6-1 on CBL Mariner 2.0 cbl2 opa 0.63.0-1 on CBL Mariner 2.0 cbl2 kata-containers-cc 3.2.0.azl2-1 on CBL Mariner 2.0 cbl2 kata-containers 3.2.0.azl2-1 on CBL Mariner 2.0 cbl2 xorg-x11-server 1.20.10-10 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 moby-containerd-cc 1.7.7-9 on Azure Linux 3.0 azl3 git-lfs 3.6.1-1 on Azure Linux 3.0 azl3 application-gateway-kubernetes-ingress 1.7.2-3 on Azure Linux 3.0 azl3 python3 3.12.3-5 on Azure Linux 3.0 azl3 jx 3.10.182-1 on Azure Linux 3.0 azl3 application-gateway-kubernetes-ingress 1.7.7-1 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl4-1 on Azure Linux 3.0 azl3 kata-containers-cc 3.2.0.azl4-1 on Azure Linux 3.0 azl3 grpc 1.62.3-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 mod_http2 2.0.29-3 on Azure Linux 3.0 azl3 python-pip 24.2-1 on Azure Linux 3.0 azl3 python-pip 24.0-2 on Azure Linux 3.0 azl3 python3 3.12.3-1 on Azure Linux 3.0 azl3 python-urllib3 2.0.7-1 on Azure Linux 3.0 azl3 rust 1.75.0-1 on Azure Linux 3.0 azl3 libxml2 2.11.5-3 on Azure Linux 3.0 azl3 hyperv-daemons 6.6.29.1-1 on Azure Linux 3.0 azl3 cert-manager 1.12.12-1 on Azure Linux 3.0 azl3 hyperv-daemons 6.6.22.1-2 on Azure Linux 3.0 azl3 prometheus-adapter 0.12.0-1 on Azure Linux 3.0 azl3 opa 0.63.0-1 on Azure Linux 3.0 azl3 kube-vip-cloud-provider 0.0.10-1 on Azure Linux 3.0 azl3 docker-buildx 0.14.0-1 on Azure Linux 3.0 azl3 blobfuse2 2.3.0-1 on Azure Linux 3.0 cbl2 hyperv-daemons 5.15.135.1-1 on CBL Mariner 2.0 azl3 tensorflow 2.16.1-1 on Azure Linux 3.0 azl3 cmake 3.21.4-10 on Azure Linux 3.0 cbl2 kernel 5.15.135.1-2 on CBL Mariner 2.0 cbl2 python-urllib3 1.26.18-1 on CBL Mariner 2.0 cbl2 prometheus 2.37.9-2 on CBL Mariner 2.0 cbl2 git-lfs 3.5.1-1 on CBL Mariner 2.0 cbl2 multus 3.8-12 on CBL Mariner 2.0 cbl2 kured 1.9.1-14 on CBL Mariner 2.0 cbl2 etcd 3.5.6-11 on CBL Mariner 2.0 cbl2 coredns 1.9.3-9 on CBL Mariner 2.0 cbl2 skopeo 1.12.0-4 on CBL Mariner 2.0 cbl2 vitess 16.0.2-5 on CBL Mariner 2.0 cbl2 opa 0.50.2-6 on CBL Mariner 2.0 cbl2 moby-containerd-cc 1.7.1-5 on CBL Mariner 2.0 cbl2 moby-containerd 1.6.22-2 on CBL Mariner 2.0 cbl2 moby-compose 2.17.2-5 on CBL Mariner 2.0 cbl2 cert-manager 1.11.2-5 on CBL Mariner 2.0 cbl2 telegraf 1.27.3-3 on CBL Mariner 2.0 cbl2 cri-tools 1.28.0-2 on CBL Mariner 2.0 cbl2 blobfuse2 2.1.1-1 on CBL Mariner 2.0 cbl2 golang 1.20.7-2 on CBL Mariner 2.0 azl3 multus 4.0.2-3 on Azure Linux 3.0 azl3 vitess 16.0.2-5 on Azure Linux 3.0 azl3 telegraf 1.27.3-3 on Azure Linux 3.0 azl3 packer 1.9.5-1 on Azure Linux 3.0 azl3 opa 0.50.2-6 on Azure Linux 3.0 azl3 moby-containerd-cc 1.7.1-5 on Azure Linux 3.0 azl3 local-path-provisioner 0.0.24-3 on Azure Linux 3.0 azl3 golang 1.20.7-2 on Azure Linux 3.0 azl3 etcd 3.5.6-11 on Azure Linux 3.0 azl3 coredns 1.9.3-9 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-8 on Azure Linux 3.0 azl3 cf-cli 8.7.3-2 on Azure Linux 3.0 azl3 cert-manager 1.11.2-5 on Azure Linux 3.0 cbl2 cri-tools 1.29.0-2 on CBL Mariner 2.0 azl3 cf-cli 8.7.3-6 on Azure Linux 3.0 azl3 jx 3.10.116-2 on Azure Linux 3.0 cbl2 rubygem-mini_portile2 2.8.0-1 on CBL Mariner 2.0 cbl2 zlib 1.2.13-2 on CBL Mariner 2.0 cbl2 tcl 8.6.13-3 on CBL Mariner 2.0 cbl2 rust 1.72.0-5 on CBL Mariner 2.0 cbl2 cloud-hypervisor 32.0-2 on CBL Mariner 2.0 cbl2 boost 1.76.0-4 on CBL Mariner 2.0 azl3 rust 1.85.0-1 on Azure Linux 3.0 azl3 blosc 1.21.6-1 on Azure Linux 3.0 azl3 keras 3.1.1-1 on Azure Linux 3.0 azl3 zlib 1.3.1-1 on Azure Linux 3.0 azl3 tcl 8.6.13-3 on Azure Linux 3.0 azl3 rubygem-mini_portile2 2.8.0-1 on Azure Linux 3.0 azl3 cloud-hypervisor 32.0-2 on Azure Linux 3.0 cbl2 moby-engine 24.0.9-10 on CBL Mariner 2.0 cbl2 moby-compose 2.17.3-7 on CBL Mariner 2.0 azl3 prometheus 2.45.4-1 on Azure Linux 3.0 azl3 kubernetes 1.29.1-2 on Azure Linux 3.0 cbl2 golang 1.20.10-1 on CBL Mariner 2.0 azl3 golang 1.20.10-1 on Azure Linux 3.0 azl3 telegraf 1.29.4-1 on Azure Linux 3.0 cbl2 openvswitch 2.17.9-1 on CBL Mariner 2.0 azl3 openvswitch 3.3.0-1 on Azure Linux 3.0 cbl2 telegraf 1.27.4-1 on CBL Mariner 2.0 cbl2 kernel 5.15.143.1-1 on CBL Mariner 2.0 cbl2 rabbitmq-server 3.11.24-1 on CBL Mariner 2.0 azl3 rabbitmq-server 3.13.0-1 on Azure Linux 3.0 cbl2 vim 9.0.2112-1 on CBL Mariner 2.0 azl3 kubernetes 1.28.7-2 on Azure Linux 3.0 cbl2 kernel 5.15.137.1-1 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.137.1-1 on CBL Mariner 2.0 cbl2 python-twisted 22.10.0-4 on CBL Mariner 2.0 azl3 python-twisted 22.10.0-4 on Azure Linux 3.0 azl3 frr 9.1-2 on Azure Linux 3.0 cbl2 telegraf 1.28.5-1 on CBL Mariner 2.0 cbl2 traceroute 2.1.3-1 on CBL Mariner 2.0 cbl2 open-vm-tools 11.3.0-3 on CBL Mariner 2.0 cbl2 memcached 1.6.22-1 on CBL Mariner 2.0 azl3 memcached 1.6.27-1 on Azure Linux 3.0 cbl2 frr 8.5.3-3 on CBL Mariner 2.0 cbl2 python-werkzeug 2.3.7-1 on CBL Mariner 2.0 azl3 python-werkzeug 3.0.1-1 on Azure Linux 3.0 cbl2 grub2 2.06-13 on CBL Mariner 2.0 azl3 grub2 2.06-18 on Azure Linux 3.0 cbl2 redis 6.2.14-1 on CBL Mariner 2.0 cbl2 zchunk 1.1.16-3 on CBL Mariner 2.0 cbl2 nodejs18 18.18.2-2 on CBL Mariner 2.0 cbl2 httpd 2.4.58-1 on CBL Mariner 2.0 cbl2 mysql 8.0.35-1 on CBL Mariner 2.0 cbl2 mysql 8.0.34-1 on CBL Mariner 2.0 cbl2 cmake 3.21.4-10 on CBL Mariner 2.0 cbl2 curl 8.3.0-2 on CBL Mariner 2.0 cbl2 vim 9.0.2010-1 on CBL Mariner 2.0 cbl2 libXpm 3.5.17-1 on CBL Mariner 2.0 cbl2 libX11 1.8.7-1 on CBL Mariner 2.0 cbl2 libxml2 2.10.4-2 on CBL Mariner 2.0 azl3 tensorflow 2.11.1-1 on Azure Linux 3.0 cbl2 glibc 2.35-5 on CBL Mariner 2.0 azl3 glibc 2.38-6 on Azure Linux 3.0 cbl2 libtiff 4.6.0-1 on CBL Mariner 2.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 azl3 optipng 0.7.8-5 on Azure Linux 3.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 azl3 crash 8.0.4-4 on Azure Linux 3.0 azl3 local-path-provisioner 0.0.24-5 on Azure Linux 3.0 azl3 binutils 2.41-5 on Azure Linux 3.0 azl3 multus 4.0.2-5 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-14 on Azure Linux 3.0 azl3 libxml2 2.11.5-5 on Azure Linux 3.0 azl3 grub2 2.06-23 on Azure Linux 3.0 azl3 telegraf 1.27.3-4 on Azure Linux 3.0 azl3 ceph 18.2.2-8 on Azure Linux 3.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 cbl2 python3 3.9.19-13 on CBL Mariner 2.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 cbl2 kata-containers 3.2.0.azl2-6 on CBL Mariner 2.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 kata-containers-cc 3.2.0.azl2-6 on CBL Mariner 2.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 azl3 nmap 7.94-1 on Azure Linux 3.0 cbl2 prometheus 2.37.9-4 on CBL Mariner 2.0 cbl2 msft-golang 1.24.1-2 on CBL Mariner 2.0 azl3 rubygem-mini_portile2 2.8.4-1 on Azure Linux 3.0 cbl2 rubygem-mini_portile2 2.8.0-1 on CBL Mariner 2.0 azl3 glibc 2.38-10 on Azure Linux 3.0 azl3 golang 1.23.8-1 on Azure Linux 3.0 azl3 memcached 1.6.21-1 on Azure Linux 3.0 cbl2 golang 1.17.13-2 on CBL Mariner 2.0 azl3 cloud-hypervisor 37.0-2 on Azure Linux 3.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 cbl2 cloud-hypervisor-cvm 38.0.72-1 on CBL Mariner 2.0 azl3 cloud-hypervisor-cvm 38.0.72-2 on Azure Linux 3.0 azl3 docker-buildx 0.12.1-1 on Azure Linux 3.0 cbl2 hvloader 1.0.1-5 on CBL Mariner 2.0 cbl2 ceph 16.2.10-7 on CBL Mariner 2.0 azl3 gdb 13.2-4 on Azure Linux 3.0 azl3 boost 1.83.0-2 on Azure Linux 3.0 cbl2 python-virtualenv 20.26.6-1 on CBL Mariner 2.0 azl3 cert-manager 1.11.2-8 on Azure Linux 3.0 azl3 coredns 1.11.1-4 on Azure Linux 3.0 cbl2 packer 1.8.7-2 on CBL Mariner 2.0 azl3 blobfuse2 2.1.0-4 on Azure Linux 3.0 azl3 git-lfs 3.4.1-1 on Azure Linux 3.0 azl3 etcd 3.5.9-1 on Azure Linux 3.0 azl3 kube-vip-cloud-provider 0.0.7-1 on Azure Linux 3.0 azl3 python-werkzeug 2.2.3-1 on Azure Linux 3.0 azl3 opa 0.55.0-1 on Azure Linux 3.0 azl3 packer 1.9.4-1 on Azure Linux 3.0 azl3 python3 3.12.0-4 on Azure Linux 3.0 azl3 prometheus-adapter 0.11.2-1 on Azure Linux 3.0 azl3 vitess 17.0.2-1 on Azure Linux 3.0 azl3 kata-containers-cc 3.2.0.azl3-1 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl3-2 on Azure Linux 3.0 cbl2 git-lfs 3.4.1-1 on CBL Mariner 2.0 azl3 cloud-provider-kubevirt 0.5.1-1 on Azure Linux 3.0 azl3 python-urllib3 2.0.4-1 on Azure Linux 3.0 azl3 rabbitmq-server 3.11.11-1 on Azure Linux 3.0 cbl2 opa 0.50.2-8 on CBL Mariner 2.0 azl3 prometheus 2.37.0-11 on Azure Linux 3.0 azl3 frr 8.5.3-2 on Azure Linux 3.0 azl3 zlib 1.3-1 on Azure Linux 3.0 azl3 keras 2.11.0-3 on Azure Linux 3.0 azl3 babel 2.12.1-1 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22059 18286-16823 18286-16823 Moderate 18286-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22064 18286-16823 18286-16823 Moderate 18286-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22066 18286-16823 18286-16823 Moderate 18286-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22070 18286-16823 18286-16823 Moderate 18286-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22078 18286-16823 18286-16823 Moderate 18286-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-19T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22097 18286-16823 18286-16823 Moderate 18286-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22102 18287-16823 18287-16823 Important 18287-16823 8.3 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22110 18287-16823 18287-16823 Moderate 18287-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22112 18286-16823 18286-16823 Moderate 18286-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22114 18286-16823 18286-16823 Moderate 18286-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner vmware Yes CVE-2023-34059 18272-16823 18272-16823 Important 18272-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18272-16823 CBL-Mariner Releases 18272-16823 No Security Update 11.3.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18272-16823 CBL-Mariner Releases 1.0 2023-11-01T00:00:00 <p>Information published.</p> This flaw allows an attacker to insert cookies at will into a running program using libcurl if the specific series of conditions are met. libcurl performs transfers. In its API an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program usin <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-38546 18288-16823 18289-16823 17878-17084 17879-17084 19671-17084 19668-17086 18295-17084 19686-17084 18288-16823 18289-16823 17878-17084 17879-17084 19671-17084 19668-17086 18295-17084 19686-17084 Low 18288-16823 Low 18289-16823 Low 17878-17084 Low 17879-17084 Low 19671-17084 Low 19668-17086 Low 18295-17084 Low 19686-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 18288-16823 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 18289-16823 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 17878-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 17879-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 19671-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 19668-17086 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 18295-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 19686-17084 CBL-Mariner Releases 18288-16823 17879-17084 No Security Update 3.21.4-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18288-16823 17879-17084 CBL-Mariner Releases CBL-Mariner Releases 18289-16823 No Security Update 8.3.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18289-16823 CBL-Mariner Releases CBL-Mariner Releases 17878-17084 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17878-17084 18295-17084 CBL-Mariner Releases 1.0 2023-10-18T00:00:00 <p>Information published.</p> 1.1 2023-10-10T00:00:00 <p>Information published.</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 1.3 2026-02-18T01:14:25 <p>Information published.</p> Kernel: netfilter: xtables sctp out-of-bounds read in match_flags() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-39193 Out-of-bounds Read 17917-16823 17917-16823 Moderate 17917-16823 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-12T00:00:00 <p>Information published.</p> Libtiff: integer overflow in tiffcp.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-40745 Integer Overflow or Wraparound 18300-16823 18300-16823 Moderate 18300-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18300-16823 CBL-Mariner Releases 18300-16823 No Security Update 4.6.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18300-16823 CBL-Mariner Releases 1.0 2023-10-06T00:00:00 <p>Information published.</p> Libtiff: potential integer overflow in raw2tiff.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-41175 Integer Overflow or Wraparound 18300-16823 18300-16823 Moderate 18300-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18300-16823 CBL-Mariner Releases 18300-16823 No Security Update 4.6.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18300-16823 CBL-Mariner Releases 1.0 2023-10-06T00:00:00 <p>Information published.</p> Kernel: rsvp: out-of-bounds read in rsvp_classify() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-42755 Out-of-bounds Read 17917-16823 17917-16823 Moderate 17917-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-12T00:00:00 <p>Information published.</p> Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner MITRE Yes CVE-2023-43615 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 19809-17086 17238-17086 19809-17086 17238-17086 19809-17086 Important 17238-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19809-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17238-17086 CBL-Mariner Releases 19809-17086 17238-17086 No Security Update 1.0.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19809-17086 17238-17086 CBL-Mariner Releases 1.0 2024-11-28T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:23:34 <p>Information published.</p> Libx11: out-of-bounds memory access in _xkbreadkeysyms() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-43785 Out-of-bounds Read 18292-16823 18292-16823 Moderate 18292-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18292-16823 CBL-Mariner Releases 18292-16823 No Security Update 1.8.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18292-16823 CBL-Mariner Releases 1.0 2023-10-16T00:00:00 <p>Information published.</p> Libx11: integer overflow in xcreateimage() leading to a heap overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-43787 Integer Overflow or Wraparound 18292-16823 18292-16823 Important 18292-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18292-16823 CBL-Mariner Releases 18292-16823 No Security Update 1.8.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18292-16823 CBL-Mariner Releases 1.0 2023-10-16T00:00:00 <p>Information published.</p> Libxpm: out of bounds read on xpm with corrupted colormap <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-43789 Out-of-bounds Read 18291-16823 18291-16823 Moderate 18291-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18291-16823 CBL-Mariner Releases 18291-16823 No Security Update 3.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18291-16823 CBL-Mariner Releases 1.0 2023-10-17T00:00:00 <p>Information published.</p> Undici's cookie header not cleared on cross-origin redirect in fetch <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-45143 Exposure of Sensitive Information to an Unauthorized Actor 18284-16823 18284-16823 Low 18284-16823 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 18284-16823 CBL-Mariner Releases 18284-16823 No Security Update 18.18.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18284-16823 CBL-Mariner Releases 1.0 2023-10-16T00:00:00 <p>Information published.</p> Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2023-45802 Improper Resource Shutdown or Release 18285-16823 17683-17084 18285-16823 17683-17084 Moderate 18285-16823 Moderate 17683-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18285-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17683-17084 CBL-Mariner Releases 18285-16823 No Security Update 2.4.58-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18285-16823 CBL-Mariner Releases CBL-Mariner Releases 17683-17084 No Security Update 2.0.29-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17683-17084 CBL-Mariner Releases 1.0 2023-10-23T00:00:00 <p>Information published.</p> 1.1 2025-05-15T00:00:00 <p>Added mod_http2 to Azure Linux 3.0 Added httpd to CBL-Mariner 2.0</p> MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename comment or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version and exposes the applicable MiniZip code through its compress API. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-45853 Integer Overflow or Wraparound 19752-17086 19280-17084 19842-17084 19783-17084 18844-17084 18315-17084 19818-17084 17664-17084 19717-17084 20146-17084 17667-17084 19666-17084 19693-17084 20167-17084 16977-16823 18100-16823 18101-16823 18102-16823 18103-16823 18104-16823 18105-16823 18106-17084 18107-17084 16982-17084 18108-17084 18109-17084 18110-17084 17735-17084 18111-17084 18112-17084 19746-17084 19671-17084 19712-17086 19814-17086 19668-17086 19801-17086 19807-17084 19686-17084 19752-17086 19280-17084 19842-17084 19783-17084 18844-17084 18315-17084 19818-17084 17664-17084 19717-17084 20146-17084 17667-17084 19666-17084 19693-17084 20167-17084 16977-16823 18100-16823 18101-16823 18102-16823 18103-16823 18104-16823 18105-16823 18106-17084 18107-17084 16982-17084 18108-17084 18109-17084 18110-17084 17735-17084 18111-17084 18112-17084 19746-17084 19671-17084 19712-17086 19814-17086 19668-17086 19801-17086 19807-17084 19686-17084 Critical 19752-17086 Critical 19280-17084 Critical 19842-17084 Critical 19783-17084 Critical 18844-17084 Critical 18315-17084 Critical 19818-17084 Critical 17664-17084 Critical 19717-17084 Critical 20146-17084 Critical 17667-17084 Critical 19666-17084 Critical 19693-17084 Critical 20167-17084 Critical 16977-16823 Critical 18100-16823 Critical 18101-16823 Critical 18102-16823 Critical 18103-16823 Critical 18104-16823 Critical 18105-16823 Important 18106-17084 Critical 18107-17084 Critical 16982-17084 Critical 18108-17084 Critical 18109-17084 Critical 18110-17084 Critical 17735-17084 Critical 18111-17084 Critical 18112-17084 Critical 19746-17084 Critical 19671-17084 Critical 19712-17086 Critical 19814-17086 Critical 19668-17086 Critical 19801-17086 Critical 19807-17084 Important 19686-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19752-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19280-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19842-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19783-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18844-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18315-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19818-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17664-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19717-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20146-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17667-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19666-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19693-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20167-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 16977-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18100-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18101-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18102-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18103-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18104-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18105-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18106-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18107-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 16982-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18108-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18109-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18110-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17735-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18111-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18112-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19746-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19671-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19712-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19814-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19668-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19801-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19807-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19686-17084 CBL-Mariner Releases 18844-17084 No Security Update 8.0.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18844-17084 CBL-Mariner Releases CBL-Mariner Releases 19717-17084 No Security Update 7.95-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19717-17084 CBL-Mariner Releases CBL-Mariner Releases 20146-17084 18109-17084 No Security Update 1.3.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20146-17084 18109-17084 CBL-Mariner Releases CBL-Mariner Releases 19666-17084 No Security Update 18.2.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19666-17084 CBL-Mariner Releases CBL-Mariner Releases 20167-17084 18108-17084 No Security Update 3.1.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20167-17084 18108-17084 CBL-Mariner Releases CBL-Mariner Releases 16977-16823 16982-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16977-16823 16982-17084 CBL-Mariner Releases CBL-Mariner Releases 18100-16823 18111-17084 No Security Update 2.8.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18100-16823 18111-17084 CBL-Mariner Releases CBL-Mariner Releases 18101-16823 No Security Update 1.2.13-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18101-16823 CBL-Mariner Releases CBL-Mariner Releases 18102-16823 18110-17084 No Security Update 8.6.13-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18102-16823 18110-17084 CBL-Mariner Releases CBL-Mariner Releases 18103-16823 No Security Update 1.72.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18103-16823 CBL-Mariner Releases CBL-Mariner Releases 18104-16823 18112-17084 No Security Update 32.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18104-16823 18112-17084 CBL-Mariner Releases CBL-Mariner Releases 18105-16823 No Security Update 1.76.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18105-16823 CBL-Mariner Releases CBL-Mariner Releases 18106-17084 No Security Update 1.85.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18106-17084 CBL-Mariner Releases CBL-Mariner Releases 18107-17084 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18107-17084 CBL-Mariner Releases CBL-Mariner Releases 17735-17084 19671-17084 No Security Update 1.75.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17735-17084 19671-17084 CBL-Mariner Releases CBL-Mariner Releases 19801-17086 19807-17084 No Security Update 38.0.72.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19801-17086 19807-17084 CBL-Mariner Releases CBL-Mariner Releases 19686-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19686-17084 CBL-Mariner Releases 2.6 2026-02-18T03:02:45 <p>Information published.</p> 1.0 2023-10-16T00:00:00 <p>Information published.</p> 1.1 2023-10-17T00:00:00 <p>Added tcl to CBL-Mariner 2.0</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 1.3 2024-07-13T00:00:00 <p>Information published.</p> 1.4 2024-08-29T00:00:00 <p>Information published.</p> 1.5 2024-08-30T00:00:00 <p>Information published.</p> 1.6 2024-08-31T00:00:00 <p>Information published.</p> 1.7 2024-09-01T00:00:00 <p>Information published.</p> 1.8 2024-09-02T00:00:00 <p>Information published.</p> 1.9 2024-09-03T00:00:00 <p>Information published.</p> 2.0 2024-09-05T00:00:00 <p>Information published.</p> 2.1 2024-09-06T00:00:00 <p>Information published.</p> 2.2 2024-09-07T00:00:00 <p>Information published.</p> 2.3 2024-09-08T00:00:00 <p>Information published.</p> 2.4 2024-09-11T00:00:00 <p>Information published.</p> 2.5 2025-02-11T00:00:00 <p>Added blosc to Azure Linux 3.0 Added cloud-hypervisor-cvm to Azure Linux 3.0 Added nmap to Azure Linux 3.0 Added zlib to Azure Linux 3.0 Added tcl to Azure Linux 3.0 Added rust to Azure Linux 3.0 Added keras to Azure Linux 3.0 Added cloud-hypervisor-cvm to CBL-Mariner 2.0 Added cloud-hypervisor to CBL-Mariner 2.0 Added rust to CBL-Mariner 2.0 Added zlib to CBL-Mariner 2.0 Added boost to CBL-Mariner 2.0 Added tcl to CBL-Mariner 2.0</p> An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-45863 Out-of-bounds Write 17917-16823 17917-16823 Moderate 17917-16823 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-45871 Incorrect Calculation of Buffer Size 17917-16823 17917-16823 Important 17917-16823 7.5 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Denial of Service by publishing large messages over the HTTP API <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-46118 Uncontrolled Resource Consumption 18237-16823 18238-17084 20055-17084 18237-16823 18238-17084 20055-17084 Moderate 18237-16823 Moderate 18238-17084 Moderate 20055-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18237-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18238-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20055-17084 CBL-Mariner Releases 18237-16823 No Security Update 3.11.24-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18237-16823 CBL-Mariner Releases CBL-Mariner Releases 18238-17084 20055-17084 No Security Update 3.13.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18238-17084 20055-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-12-12T00:00:00 <p>Added rabbitmq-server to CBL-Mariner 2.0 Added rabbitmq-server to Azure Linux 3.0</p> 1.2 2026-02-18T01:48:29 <p>Information published.</p> zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c lib/comp/zstd/zstd.c lib/dl/multipart.c or lib/header.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-46228 Integer Overflow or Wraparound 18283-16823 18283-16823 Important 18283-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18283-16823 CBL-Mariner Releases 18283-16823 No Security Update 1.1.16-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18283-16823 CBL-Mariner Releases 1.0 2023-10-23T00:00:00 <p>Information published.</p> browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-46234 Improper Verification of Cryptographic Signature 17334-16823 17334-16823 Important 17334-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17334-16823 CBL-Mariner Releases 17334-16823 No Security Update 3.1.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17334-16823 CBL-Mariner Releases 1.0 2023-10-31T00:00:00 <p>Information published.</p> In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3 the wrapper scripts do not properly parse command lines. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-46316 Failure to Handle Missing Parameter 18271-16823 18271-16823 Moderate 18271-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18271-16823 CBL-Mariner Releases 18271-16823 No Security Update 2.1.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18271-16823 CBL-Mariner Releases 1.0 2023-11-02T00:00:00 <p>Information published.</p> In Memcached before 1.6.22 an off-by-one error exists when processing proxy requests in proxy mode if \n is used instead of \r\n. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-46853 Off-by-one Error 19776-17084 18273-16823 18274-17084 19776-17084 18273-16823 18274-17084 Critical 19776-17084 Critical 18273-16823 Critical 18274-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19776-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18273-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18274-17084 CBL-Mariner Releases 19776-17084 18274-17084 No Security Update 1.6.27-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19776-17084 18274-17084 CBL-Mariner Releases CBL-Mariner Releases 18273-16823 No Security Update 1.6.22-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18273-16823 CBL-Mariner Releases 1.0 2023-11-01T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-18T01:08:33 <p>Information published.</p> Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-4692 Out-of-bounds Write 19663-17084 18278-16823 18279-17084 19663-17084 18278-16823 18279-17084 Important 19663-17084 Important 18278-16823 Important 18279-17084 7.5 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 19663-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18278-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18279-17084 CBL-Mariner Releases 19663-17084 18279-17084 No Security Update 2.06-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19663-17084 18279-17084 CBL-Mariner Releases CBL-Mariner Releases 18278-16823 No Security Update 2.06-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18278-16823 CBL-Mariner Releases 1.2 2026-02-19T01:02:57 <p>Information published.</p> 1.0 2023-10-27T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-47090 Incorrect Authorization 18268-16823 18164-17084 19664-17084 18268-16823 18164-17084 19664-17084 Moderate 18268-16823 Moderate 18164-17084 Moderate 19664-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18268-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18164-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19664-17084 CBL-Mariner Releases 18268-16823 No Security Update 1.28.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18268-16823 CBL-Mariner Releases CBL-Mariner Releases 18164-17084 19664-17084 No Security Update 1.29.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18164-17084 19664-17084 CBL-Mariner Releases 1.0 2023-11-06T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-20T22:45:42 <p>Information published.</p> Glibc: buffer overflow in ld.so leading to privilege escalation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-4911 Out-of-bounds Write 18298-16823 18299-17084 19758-17084 18298-16823 18299-17084 19758-17084 Important 18298-16823 Important 18299-17084 Important 19758-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18298-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18299-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19758-17084 CBL-Mariner Releases 18298-16823 No Security Update 2.35-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18298-16823 CBL-Mariner Releases CBL-Mariner Releases 18299-17084 19758-17084 No Security Update 2.38-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18299-17084 19758-17084 CBL-Mariner Releases 1.2 2026-02-18T03:10:06 <p>Information published.</p> 1.0 2023-10-03T00:00:00 <p>Information published.</p> 1.1 2024-07-03T00:00:00 <p>Information published.</p> Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5367 Out-of-bounds Write 17430-16823 17430-16823 Important 17430-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17430-16823 CBL-Mariner Releases 17430-16823 No Security Update 1.20.10-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17430-16823 CBL-Mariner Releases 1.0 2023-10-31T00:00:00 <p>Information published.</p> Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5633 Use After Free 16838-16823 16838-16823 Important 16838-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16838-16823 CBL-Mariner Releases 16838-16823 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 CBL-Mariner Releases 1.0 2023-11-03T00:00:00 <p>Information published.</p> Arbitrary code execution during build via line directives in cmd/go <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-39323 19778-17086 19668-17086 17375-16823 18153-16823 18154-17084 19730-17086 19785-17086 17667-17084 19693-17084 19697-17084 19778-17086 19668-17086 17375-16823 18153-16823 18154-17084 19730-17086 19785-17086 17667-17084 19693-17084 19697-17084 Important 19778-17086 Important 19668-17086 Important 17375-16823 Important 18153-16823 Important 18154-17084 Important 19730-17086 Important 19785-17086 Important 17667-17084 Important 19693-17084 Important 19697-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19778-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19668-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17375-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18153-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18154-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19730-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19785-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17667-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19693-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19697-17084 CBL-Mariner Releases 19778-17086 19785-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18153-16823 18154-17084 No Security Update 1.20.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18153-16823 18154-17084 CBL-Mariner Releases 1.0 2025-09-03T21:58:26 <p>Information published.</p> 1.1 2026-02-18T02:57:30 <p>Information published.</p> Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-45145 Exposure of Resource to Wrong Sphere 18281-16823 18281-16823 Low 18281-16823 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 18281-16823 CBL-Mariner Releases 18281-16823 No Security Update 6.2.14-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18281-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:32 <p>Information published.</p> OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-43907 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 18415-17084 18415-17084 Important 18415-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18415-17084 CBL-Mariner Releases 18415-17084 No Security Update 0.7.8-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18415-17084 CBL-Mariner Releases 1.0 2025-05-15T00:00:00 <p>Information published.</p> Memory Allocation with Excessive Size Value in Wireshark https://nvd.nist.gov/vuln/detail/CVE-2023-5371 https://nvd.nist.gov/vuln/detail/CVE-2023-5371 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-5371 Memory Allocation with Excessive Size Value 12356 12357 12356 12357 12356 12357 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12356 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12357 wireshark 12356 wireshark-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-cli-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-devel-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.7-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5371 12356 wireshark wireshark 12357 wireshark-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-cli-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-devel-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.7-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5371 12357 wireshark 1.0 2025-07-11T00:00:00 <p>Information published.</p> During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-5728 18469-17084 18469-17084 Important 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18469-17084 1.1 2026-02-18T14:37:02 <p>Information published.</p> 1.0 2025-09-03T21:46:34 <p>Information published.</p> Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-5731 Out-of-bounds Write 18469-17084 18469-17084 Critical 18469-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18469-17084 1.1 2026-02-18T15:15:54 <p>Information published.</p> 1.0 2025-09-03T21:53:08 <p>Information published.</p> urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2018-25091 URL Redirection to Untrusted Site (&#39;Open Redirect&#39;) 19849-17086 17171-17086 19849-17086 17171-17086 19849-17086 Moderate 17171-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19849-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17171-17086 1.0 2025-09-03T23:11:12 <p>Information published.</p> 2.0 2026-02-18T14:45:13 <p>Information published.</p> Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-45133 Incomplete List of Disallowed Inputs 20268-17084 20268-17084 Important 20268-17084 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 20268-17084 1.1 2026-02-18T15:01:49 <p>Information published.</p> 1.0 2025-09-04T00:00:04 <p>Information published.</p> Hackerone: CVE-2023-38039 HTTP headers eat all memory https://nvd.nist.gov/vuln/detail/CVE-2023-38039 https://nvd.nist.gov/vuln/detail/CVE-2023-38039 <p><strong>1. When will an update be available to address this vulnerability?</strong></p> <p>Microsoft is fully aware of this issue and is actively working to release version 8.4.0 of curl.exe in a future Windows update for currently supported, on-premise versions of Windows clients and servers. The Security Updates table for this CVE will be updated with the Windows update KB numbers for all supported versions as they are released. Customers will be notified via a revision to this security vulnerability when those KB numbers are available. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See <a href="https://www.microsoft.com/en-us/msrc/technical-security-notifications?rtc=1">Microsoft Technical Security Notifications</a> and <a href="https://msrc-blog.microsoft.com/2022/08/09/security-update-guide-notification-system-news-create-your-profile-now/">Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center</a>.</p> <p><strong>2. What is the curl open-source project?</strong></p> <p>Curl is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for &quot;Client for URL&quot;. The Windows implementation provides access to the command-line tool, not the library.</p> <p><strong>3. Why is this Hackerone CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in curl.exe software which is consumed by Microsoft Windows. It is being documented in the Security Update Guide to make customers aware that Microsoft Windows is affected by this CVE, and that Microsoft will be including the curl fix for this vulnerability in a future Windows security update. Note that we do not provide CVSS scores for non-Microsoft CVEs. See <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-38039">NVD</a> for scoring information on this CVE.</p> <p><strong>4. How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would have to convince the victim to manually launch the curl utility and direct it to connect to a compromised server. This causes a denial of service of curl.</p> <p>For more information see <a href="https://curl.se/docs/CVE-2023-38039.html">HTTP headers eat all memory</a>.</p> <p><strong>5. What version of curl addresses this CVE?</strong></p> <p>Curl version 8.4.0 addresses this vulnerability.</p> <p><strong>6. Where can I find more information about this curl vulnerability?</strong></p> <p>More information can be found at <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-38039">NVD</a> and <a href="https://curl.se/docs/CVE-2023-38039.html">curl.se</a>.</p> <p><strong>7. Are there any workarounds that can be implemented?</strong></p> <p>IMPORTANT: Under no circumstances should you remove or replace <code>curl.exe</code>, the curl tool executable, as doing so may damage the Windows Update component store and prevent the installation of further security updates. Instead, we recommend deploying a code integrity policy that restricts the execution of vulnerable versions of <code>curl.exe</code>.</p> <p>Note that after you have implemented any of the workarounds the file will still exist on disk, and can still be detected by scanning software. The workaround only provides an operating system level guarantee that the vulnerable version of the curl tool cannot be executed.</p> <p><strong>Workaround</strong> Use a WDAC policy to deny execution of the \system32\curl.exe executable. You can merge the deny into an existing policy or create a new policy with it using the Merge-CIPolicy cmdlet; <a href="https://learn.microsoft.com/en-us/powershell/module/configci/merge-cipolicy?view=windowsserver2022-ps">Merge-CIPolicy (ConfigCI) | Microsoft Learn</a>. After the policy XML file with the deny has been created or merged with an existing policy it must be deployed.</p> <p>Choose how to deploy the policy by using one of the following methods <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide#choose-how-to-deploy-wdac-policies">Deploying Windows Defender Application Control (WDAC) policies | Microsoft Learn</a>:</p> <ul> <li>Deploy using a <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune">Mobile Device Management (MDM) </a>solution, such as Microsoft Intune</li> <li>Deploy using <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm">Microsoft Configuration Manager</a></li> <li>Deploy via <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script">script</a></li> <li>Deploy via <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy">group policy</a> Note that after you have deployed a code integrity policy workaround, the file will still exist on disk, and can still be detected by scanning software. The workaround only provides an operating system level guarantee that the vulnerable version of the curl tool cannot be executed.</li> </ul> <p>For example:</p> <p><strong>Create a new policy: (These steps will create a new policy named Deny-Curl.xml by merging the deny using the example policy named AllowAll.xml)</strong></p> <pre><code>$rule = new-cipolicyrule -DriverFilePath &quot;$env:systemroot\system32\curl.exe&quot; -Level FilePublisher -Deny $rule[0].attributes[&quot;MinimumFileVersion&quot;] = &quot;0.0.0.0&quot; $rule[0].attributes[&quot;MaximumFileVersion&quot;] = &quot;8.4.0.0&quot; merge-cipolicy &quot;$env:systemroot\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml&quot; -Rules $rule -OutputFilePath &quot;Deny-Curl.xml&quot; </code></pre> <p><strong>Merge into an existing policy</strong></p> <pre><code>$rule = new-cipolicyrule -DriverFilePath &quot;$env:systemroot\system32\curl.exe&quot; -Level FilePublisher -Deny $rule[0].attributes[&quot;MinimumFileVersion&quot;] = &quot;0.0.0.0&quot; $rule[0].attributes[&quot;MaximumFileVersion&quot;] = &quot;8.4.0.0&quot; merge-cipolicy &quot;existing_policy.xml&quot; -Rules $rule -OutputFilePath &quot;existing_policy.xml&quot; </code></pre> <p><strong>How to undo this workaround?</strong></p> <p>Guidance for how to remove WDAC policies can be found in the following documentation: <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies">Remove Windows Defender Application Control (WDAC) policies</a>.</p> Windows cURL Implementation support@hackerone.com Yes CVE-2023-38039 mariner - do not use this one 11572 11923 11924 11926 11927 12085 12086 12097 12098 12099 12139 12140 11568 11569 11570 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 12139 12140 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Low 11572 Low 11923 Low 11924 Low 11926 Low 11927 Low 12085 Low 12086 Low 12097 Low 12098 Low 12099 12139 12140 Low 11568 Low 11569 Low 11570 Low 11571 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 curl 12139 curl-8.3.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 curl-devel-8.3.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 curl-libs-8.3.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 curl-debuginfo-8.3.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.3.0-1 https://nvd.nist.gov/vuln/detail/CVE-2023-38039 12139 curl curl 12140 curl-8.3.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 curl-devel-8.3.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 curl-libs-8.3.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 curl-debuginfo-8.3.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.3.0-1 https://nvd.nist.gov/vuln/detail/CVE-2023-38039 12140 curl Anonymous <a href="https://blog.darkspace.dev/">Travis</a> with <a href="https://msrc.microsoft.com/">Microsoft</a> HackerOne with <a href="https://www.hackerone.com/">HackerOne</a> 1.0 2023-09-19T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22032 18286-16823 18286-16823 Moderate 18286-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22065 18287-16823 18287-16823 Moderate 18287-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22068 18286-16823 18286-16823 Moderate 18286-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-19T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22079 18286-16823 18286-16823 Moderate 18286-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22084 18286-16823 18286-16823 Moderate 18286-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22092 18286-16823 18286-16823 Moderate 18286-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22103 18286-16823 18286-16823 Moderate 18286-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18286-16823 CBL-Mariner Releases 18286-16823 No Security Update 8.0.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18286-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22111 18287-16823 18287-16823 Moderate 18287-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22113 18287-16823 18287-16823 Low 18287-16823 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22115 18287-16823 18287-16823 Moderate 18287-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-10-19T00:00:00 <p>Information published.</p> VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner vmware Yes CVE-2023-34058 Improper Verification of Cryptographic Signature 18272-16823 18272-16823 Important 18272-16823 7.5 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18272-16823 CBL-Mariner Releases 18272-16823 No Security Update 11.3.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18272-16823 CBL-Mariner Releases 1.0 2023-10-31T00:00:00 <p>Information published.</p> When the Node.js policy feature checks the integrity of a resource against a trusted manifest the application can intercept the operation and return a forged checksum to the node's policy implementation thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued the policy mechanism is an experimental feature of Node.js. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-38552 Insufficient Verification of Data Authenticity 18284-16823 18284-16823 Important 18284-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18284-16823 CBL-Mariner Releases 18284-16823 No Security Update 18.18.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18284-16823 CBL-Mariner Releases 1.0 2023-10-23T00:00:00 <p>Information published.</p> Kernel: netfilter: nftables out-of-bounds read in nf_osf_match_one() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-39189 Out-of-bounds Read 17917-16823 17917-16823 Moderate 17917-16823 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-12T00:00:00 <p>Information published.</p> Kernel: ebpf: insufficient stack type checks in dynptr <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-39191 Improper Input Validation 18259-16823 18259-16823 Important 18259-16823 8.2 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 18259-16823 CBL-Mariner Releases 18259-16823 No Security Update 5.15.137.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18259-16823 CBL-Mariner Releases 1.0 2023-10-11T00:00:00 <p>Information published.</p> Kernel: netfilter: xtables out-of-bounds read in u32_match_it() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-39192 Out-of-bounds Read 17917-16823 17917-16823 Moderate 17917-16823 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-12T00:00:00 <p>Information published.</p> Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-39194 Out-of-bounds Read 17917-16823 17917-16823 Moderate 17917-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-12T00:00:00 <p>Information published.</p> HTTP/2 rapid reset can cause excessive work in net/http <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-39325 Allocation of Resources Without Limits or Throttling 19928-17086 19700-17086 19932-17084 18085-17084 19869-17084 18315-17084 19940-17084 19679-17084 18087-17084 19955-17084 19143-17084 19961-17084 19962-17084 19664-17084 19970-17084 19778-17086 17667-17084 19712-17086 19993-17084 19997-17086 19720-17086 18020-16823 18021-16823 17375-16823 17419-16823 17418-16823 18023-16823 18024-16823 18025-16823 18026-16823 18027-16823 18028-16823 18029-16823 18030-16823 18031-16823 18032-16823 18033-16823 18034-16823 18035-16823 18036-16823 18037-16823 18038-17084 17646-17084 17647-17084 18039-17084 18040-17084 17786-17084 18041-17084 18042-17084 18043-17084 18044-17084 17795-17084 17581-17084 18045-17084 17492-17084 18046-17084 18047-17084 18048-17084 18049-17084 18050-17084 17807-17084 17587-17084 17515-17084 19863-17084 19346-17084 19942-17084 17461-17084 19966-17084 19695-17086 19785-17086 19668-17086 19693-17084 19989-17084 19345-17084 19762-17084 19697-17084 20001-17084 19928-17086 19700-17086 19932-17084 18085-17084 19869-17084 18315-17084 19940-17084 19679-17084 18087-17084 19955-17084 19143-17084 19961-17084 19962-17084 19664-17084 19970-17084 19778-17086 17667-17084 19712-17086 19993-17084 19997-17086 19720-17086 18020-16823 18021-16823 17375-16823 17419-16823 17418-16823 18023-16823 18024-16823 18025-16823 18026-16823 18027-16823 18028-16823 18029-16823 18030-16823 18031-16823 18032-16823 18033-16823 18034-16823 18035-16823 18036-16823 18037-16823 18038-17084 17646-17084 17647-17084 18039-17084 18040-17084 17786-17084 18041-17084 18042-17084 18043-17084 18044-17084 17795-17084 17581-17084 18045-17084 17492-17084 18046-17084 18047-17084 18048-17084 18049-17084 18050-17084 17807-17084 17587-17084 17515-17084 19863-17084 19346-17084 19942-17084 17461-17084 19966-17084 19695-17086 19785-17086 19668-17086 19693-17084 19989-17084 19345-17084 19762-17084 19697-17084 20001-17084 Important 19928-17086 Important 19700-17086 Important 19932-17084 Important 18085-17084 Important 19869-17084 Important 18315-17084 Important 19940-17084 Important 19679-17084 Important 18087-17084 Important 19955-17084 Important 19143-17084 Important 19961-17084 Important 19962-17084 Important 19664-17084 Important 19970-17084 Important 19778-17086 Important 17667-17084 Important 19712-17086 Important 19993-17084 Important 19997-17086 Important 19720-17086 Important 18020-16823 Important 18021-16823 Important 17375-16823 Important 17419-16823 Important 17418-16823 Important 18023-16823 Important 18024-16823 Important 18025-16823 Important 18026-16823 Important 18027-16823 Important 18028-16823 Important 18029-16823 Important 18030-16823 Important 18031-16823 Important 18032-16823 Important 18033-16823 Important 18034-16823 Important 18035-16823 Important 18036-16823 Important 18037-16823 Important 18038-17084 Important 17646-17084 Important 17647-17084 Important 18039-17084 Important 18040-17084 Important 17786-17084 Important 18041-17084 Important 18042-17084 Important 18043-17084 Important 18044-17084 Important 17795-17084 Important 17581-17084 Important 18045-17084 Important 17492-17084 Important 18046-17084 Important 18047-17084 Important 18048-17084 Important 18049-17084 Important 18050-17084 Important 17807-17084 Important 17587-17084 Important 17515-17084 Important 19863-17084 Important 19346-17084 Important 19942-17084 Important 17461-17084 Important 19966-17084 Important 19695-17086 Important 19785-17086 Important 19668-17086 Important 19693-17084 Important 19989-17084 Important 19345-17084 Important 19762-17084 Important 19697-17084 Important 20001-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19928-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19700-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19932-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18085-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19869-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19940-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19679-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18087-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19955-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19143-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19961-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19962-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19664-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19970-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19778-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19993-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19997-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19720-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18020-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18021-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17375-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17419-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17418-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18023-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18024-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18025-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18026-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18027-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18028-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18029-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18030-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18031-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18032-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18033-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18034-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18035-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18036-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18037-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18038-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17646-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17647-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18039-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18040-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17786-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18041-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18042-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18043-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18044-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17795-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17581-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18045-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17492-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18046-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18047-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18048-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18049-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18050-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17807-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17587-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17515-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19863-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19346-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19942-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17461-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19966-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19695-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19785-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19989-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19345-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19762-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20001-17084 CBL-Mariner Releases 19928-17086 No Security Update 1.8.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19928-17086 CBL-Mariner Releases CBL-Mariner Releases 19700-17086 17419-16823 17418-16823 19695-17086 No Security Update 3.2.0.azl2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19700-17086 17419-16823 17418-16823 19695-17086 CBL-Mariner Releases CBL-Mariner Releases 19932-17084 17807-17084 No Security Update 2.3.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19932-17084 17807-17084 CBL-Mariner Releases CBL-Mariner Releases 18085-17084 18049-17084 No Security Update 8.7.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18085-17084 18049-17084 CBL-Mariner Releases CBL-Mariner Releases 19869-17084 No Security Update 1.11.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19869-17084 CBL-Mariner Releases CBL-Mariner Releases 19940-17084 17492-17084 No Security Update 3.6.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19940-17084 17492-17084 CBL-Mariner Releases CBL-Mariner Releases 18087-17084 17581-17084 No Security Update 3.10.182-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18087-17084 17581-17084 CBL-Mariner Releases CBL-Mariner Releases 19955-17084 17795-17084 No Security Update 0.0.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19955-17084 17795-17084 CBL-Mariner Releases CBL-Mariner Releases 19143-17084 18044-17084 No Security Update 0.0.24-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19143-17084 18044-17084 CBL-Mariner Releases CBL-Mariner Releases 19961-17084 No Security Update 0.63.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19961-17084 CBL-Mariner Releases CBL-Mariner Releases 19962-17084 18041-17084 No Security Update 1.9.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19962-17084 18041-17084 CBL-Mariner Releases CBL-Mariner Releases 19664-17084 No Security Update 1.29.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19664-17084 CBL-Mariner Releases CBL-Mariner Releases 19970-17084 No Security Update 19.0.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19970-17084 CBL-Mariner Releases CBL-Mariner Releases 19778-17086 19785-17086 19345-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 19345-17084 CBL-Mariner Releases CBL-Mariner Releases 19993-17084 17646-17084 17647-17084 19989-17084 No Security Update 3.2.0.azl4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19993-17084 17646-17084 17647-17084 19989-17084 CBL-Mariner Releases CBL-Mariner Releases 19997-17086 18021-16823 No Security Update 3.5.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19997-17086 18021-16823 CBL-Mariner Releases CBL-Mariner Releases 19720-17086 18020-16823 No Security Update 2.37.9-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19720-17086 18020-16823 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18023-16823 No Security Update 3.8-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18023-16823 CBL-Mariner Releases CBL-Mariner Releases 18024-16823 No Security Update 1.9.1-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18024-16823 CBL-Mariner Releases CBL-Mariner Releases 18025-16823 18046-17084 No Security Update 3.5.6-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18025-16823 18046-17084 CBL-Mariner Releases CBL-Mariner Releases 18026-16823 18047-17084 No Security Update 1.9.3-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18026-16823 18047-17084 CBL-Mariner Releases CBL-Mariner Releases 18027-16823 No Security Update 1.12.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18027-16823 CBL-Mariner Releases CBL-Mariner Releases 18028-16823 18039-17084 No Security Update 16.0.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18028-16823 18039-17084 CBL-Mariner Releases CBL-Mariner Releases 18029-16823 18042-17084 No Security Update 0.50.2-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18029-16823 18042-17084 CBL-Mariner Releases CBL-Mariner Releases 18030-16823 18043-17084 No Security Update 1.7.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18030-16823 18043-17084 CBL-Mariner Releases CBL-Mariner Releases 18031-16823 No Security Update 1.6.22-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18031-16823 CBL-Mariner Releases CBL-Mariner Releases 18032-16823 No Security Update 2.17.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18032-16823 CBL-Mariner Releases CBL-Mariner Releases 18033-16823 18050-17084 No Security Update 1.11.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18033-16823 18050-17084 CBL-Mariner Releases CBL-Mariner Releases 18034-16823 18040-17084 No Security Update 1.27.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18034-16823 18040-17084 CBL-Mariner Releases CBL-Mariner Releases 18035-16823 No Security Update 1.28.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18035-16823 CBL-Mariner Releases CBL-Mariner Releases 18036-16823 No Security Update 2.1.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18036-16823 CBL-Mariner Releases CBL-Mariner Releases 18037-16823 18045-17084 No Security Update 1.20.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18037-16823 18045-17084 CBL-Mariner Releases CBL-Mariner Releases 18038-17084 No Security Update 4.0.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18038-17084 CBL-Mariner Releases CBL-Mariner Releases 17786-17084 19966-17084 No Security Update 0.12.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17786-17084 19966-17084 CBL-Mariner Releases CBL-Mariner Releases 18048-17084 19346-17084 No Security Update 1.57.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18048-17084 19346-17084 CBL-Mariner Releases CBL-Mariner Releases 17587-17084 17515-17084 No Security Update 1.7.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17587-17084 17515-17084 CBL-Mariner Releases CBL-Mariner Releases 19863-17084 No Security Update 1.12.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19863-17084 CBL-Mariner Releases CBL-Mariner Releases 19942-17084 No Security Update 3.5.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19942-17084 CBL-Mariner Releases CBL-Mariner Releases 17461-17084 No Security Update 1.7.7-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17461-17084 CBL-Mariner Releases 4.5 2025-01-30T00:00:00 <p>Added containerized-data-importer to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added etcd to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added prometheus to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0</p> 4.6 2025-02-01T00:00:00 <p>Added git-lfs to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added etcd to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added prometheus to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0</p> 4.9 2026-02-18T02:41:27 <p>Information published.</p> 1.0 2023-10-23T00:00:00 <p>Information published.</p> 1.1 2023-10-28T00:00:00 <p>Added coredns to CBL-Mariner 2.0</p> 1.2 2023-10-24T00:00:00 <p>Added moby-compose to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0</p> 1.3 2024-01-18T00:00:00 <p>Added packer to CBL-Mariner 2.0</p> 1.4 2024-04-20T00:00:00 <p>Added git-lfs to CBL-Mariner 2.0</p> 1.5 2024-02-02T00:00:00 <p>Added kata-containers-cc to CBL-Mariner 2.0</p> 1.6 2024-03-07T00:00:00 <p>Added kata-containers to CBL-Mariner 2.0</p> 1.7 2024-06-30T07:00:00 <p>Information published.</p> 1.8 2024-07-12T00:00:00 <p>Information published.</p> 1.9 2024-08-15T00:00:00 <p>Information published.</p> 2.0 2024-08-16T00:00:00 <p>Information published.</p> 2.1 2024-08-17T00:00:00 <p>Information published.</p> 2.2 2024-08-18T00:00:00 <p>Information published.</p> 2.3 2024-08-19T00:00:00 <p>Information published.</p> 2.4 2024-08-20T00:00:00 <p>Information published.</p> 2.5 2024-08-21T00:00:00 <p>Information published.</p> 2.6 2024-08-22T00:00:00 <p>Information published.</p> 2.7 2024-08-23T00:00:00 <p>Information published.</p> 2.8 2024-08-24T00:00:00 <p>Information published.</p> 2.9 2024-08-25T00:00:00 <p>Information published.</p> 3.0 2024-08-26T00:00:00 <p>Information published.</p> 3.1 2024-08-27T00:00:00 <p>Information published.</p> 3.2 2024-08-28T00:00:00 <p>Information published.</p> 3.3 2024-08-29T00:00:00 <p>Information published.</p> 3.4 2024-08-30T00:00:00 <p>Information published.</p> 3.5 2024-08-31T00:00:00 <p>Information published.</p> 3.6 2024-09-01T00:00:00 <p>Information published.</p> 3.7 2024-09-02T00:00:00 <p>Information published.</p> 3.8 2024-09-03T00:00:00 <p>Information published.</p> 3.9 2024-09-05T00:00:00 <p>Information published.</p> 4.0 2024-09-06T00:00:00 <p>Information published.</p> 4.1 2024-09-07T00:00:00 <p>Information published.</p> 4.2 2024-09-08T00:00:00 <p>Information published.</p> 4.3 2024-09-11T00:00:00 <p>Information published.</p> 4.4 2024-11-12T00:00:00 <p>Added prometheus to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added etcd to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0</p> 4.7 2025-02-11T00:00:00 <p>Added application-gateway-kubernetes-ingress to Azure Linux 3.0 Added kata-containers to Azure Linux 3.0 Added kata-containers-cc to Azure Linux 3.0 Added git-lfs to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added etcd to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added prometheus to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0</p> 4.8 2025-02-20T00:00:00 <p>Added jx to Azure Linux 3.0 Added local-path-provisioner to Azure Linux 3.0 Added application-gateway-kubernetes-ingress to Azure Linux 3.0 Added kata-containers to Azure Linux 3.0 Added kata-containers-cc to Azure Linux 3.0 Added git-lfs to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added etcd to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added prometheus to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0</p> extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation as demonstrated by a WARNING for try_grab_page. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-40791 17917-16823 17917-16823 Moderate 17917-16823 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> 1.1 2023-10-24T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> Kernel: integer overflow in igmpv3_newpack leading to exploitable memory access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-42752 Integer Overflow or Wraparound 18259-16823 18259-16823 Moderate 18259-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18259-16823 CBL-Mariner Releases 18259-16823 No Security Update 5.15.137.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18259-16823 CBL-Mariner Releases 1.0 2023-10-19T00:00:00 <p>Information published.</p> Kernel: ipv4: null pointer dereference in ipv4_send_dest_unreach() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-42754 NULL Pointer Dereference 17917-16823 17917-16823 Moderate 17917-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-12T00:00:00 <p>Information published.</p> Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2023-43622 Uncontrolled Resource Consumption 18285-16823 17683-17084 18285-16823 17683-17084 Important 18285-16823 Important 17683-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18285-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17683-17084 CBL-Mariner Releases 18285-16823 No Security Update 2.4.58-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18285-16823 CBL-Mariner Releases CBL-Mariner Releases 17683-17084 No Security Update 2.0.29-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17683-17084 CBL-Mariner Releases 1.0 2023-10-23T00:00:00 <p>Information published.</p> 1.1 2025-05-15T00:00:00 <p>Added mod_http2 to Azure Linux 3.0 Added httpd to CBL-Mariner 2.0</p> Libx11: stack exhaustion from infinite recursion in putsubimage() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-43786 Loop with Unreachable Exit Condition ('Infinite Loop') 18292-16823 18292-16823 Moderate 18292-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18292-16823 CBL-Mariner Releases 18292-16823 No Security Update 1.8.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18292-16823 CBL-Mariner Releases 1.0 2023-10-16T00:00:00 <p>Information published.</p> Libxpm: out of bounds read in xpmcreatexpmimagefrombuffer() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-43788 Out-of-bounds Read 18291-16823 18291-16823 Moderate 18291-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18291-16823 CBL-Mariner Releases 18291-16823 No Security Update 3.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18291-16823 CBL-Mariner Releases 1.0 2023-10-17T00:00:00 <p>Information published.</p> `Cookie` HTTP header isn't stripped on cross-origin redirects <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-43804 Exposure of Sensitive Information to an Unauthorized Actor 20028-17084 18017-16823 17714-17084 18469-17084 17667-17084 19849-17086 19681-17086 17171-17086 20028-17084 18017-16823 17714-17084 18469-17084 17667-17084 19849-17086 19681-17086 17171-17086 Important 20028-17084 Important 18017-16823 Important 17714-17084 Important 18469-17084 Important 17667-17084 19849-17086 Moderate 19681-17086 Moderate 17171-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N 20028-17084 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 18017-16823 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 17714-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N 18469-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N 17667-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N 19849-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N 19681-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N 17171-17086 CBL-Mariner Releases 20028-17084 17714-17084 No Security Update 2.0.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20028-17084 17714-17084 CBL-Mariner Releases CBL-Mariner Releases 18017-16823 No Security Update 1.26.18-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18017-16823 CBL-Mariner Releases CBL-Mariner Releases 19681-17086 No Security Update 3.9.19-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19681-17086 CBL-Mariner Releases 2.6 2025-04-17T00:00:00 <p>Added python3 to CBL-Mariner 2.0 Added python-urllib3 to CBL-Mariner 2.0 Added python3 to Azure Linux 3.0 Added python-urllib3 to Azure Linux 3.0</p> 1.0 2023-10-09T00:00:00 <p>Information published.</p> 1.1 2024-08-25T00:00:00 <p>Information published.</p> 1.2 2024-08-26T00:00:00 <p>Information published.</p> 1.3 2024-08-27T00:00:00 <p>Information published.</p> 1.4 2024-08-28T00:00:00 <p>Information published.</p> 1.5 2024-08-29T00:00:00 <p>Information published.</p> 1.6 2024-08-30T00:00:00 <p>Information published.</p> 1.7 2024-08-31T00:00:00 <p>Information published.</p> 1.8 2024-09-01T00:00:00 <p>Information published.</p> 1.9 2024-09-02T00:00:00 <p>Information published.</p> 2.0 2024-09-03T00:00:00 <p>Information published.</p> 2.1 2024-09-05T00:00:00 <p>Information published.</p> 2.2 2024-09-06T00:00:00 <p>Information published.</p> 2.3 2024-09-07T00:00:00 <p>Information published.</p> 2.4 2024-09-08T00:00:00 <p>Information published.</p> 2.5 2024-09-11T00:00:00 <p>Information published.</p> 3.0 2026-02-20T23:12:56 <p>Information published.</p> OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-45142 Allocation of Resources Without Limits or Throttling 20090-17086 19863-17084 18252-17084 20094-17084 19808-17084 18123-16823 17411-16823 18124-16823 18057-16823 17801-17084 17786-17084 18125-17084 17789-17084 18126-17084 17795-17084 17766-17084 19955-17084 19961-17084 19966-17084 20001-17084 20090-17086 19863-17084 18252-17084 20094-17084 19808-17084 18123-16823 17411-16823 18124-16823 18057-16823 17801-17084 17786-17084 18125-17084 17789-17084 18126-17084 17795-17084 17766-17084 19955-17084 19961-17084 19966-17084 20001-17084 Important 20090-17086 Important 19863-17084 Important 18252-17084 Important 20094-17084 Important 19808-17084 Important 18123-16823 Important 17411-16823 Important 18124-16823 Important 18057-16823 Important 17801-17084 Important 17786-17084 Important 18125-17084 Important 17789-17084 Important 18126-17084 Important 17795-17084 Important 17766-17084 Important 19955-17084 Important 19961-17084 Important 19966-17084 Important 20001-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20090-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19863-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18252-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20094-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19808-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18123-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17411-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18124-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18057-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17801-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17786-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18125-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17789-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18126-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17795-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17766-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19955-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19961-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19966-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20001-17084 CBL-Mariner Releases 20090-17086 17411-16823 17789-17084 19961-17084 No Security Update 0.63.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20090-17086 17411-16823 17789-17084 19961-17084 CBL-Mariner Releases CBL-Mariner Releases 19863-17084 17766-17084 No Security Update 1.12.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19863-17084 17766-17084 CBL-Mariner Releases CBL-Mariner Releases 18252-17084 18126-17084 No Security Update 1.29.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18252-17084 18126-17084 CBL-Mariner Releases CBL-Mariner Releases 20094-17084 18125-17084 No Security Update 2.45.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20094-17084 18125-17084 CBL-Mariner Releases CBL-Mariner Releases 19808-17084 17801-17084 No Security Update 0.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19808-17084 17801-17084 CBL-Mariner Releases CBL-Mariner Releases 18123-16823 No Security Update 24.0.9-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18123-16823 CBL-Mariner Releases CBL-Mariner Releases 18124-16823 No Security Update 2.17.3-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18124-16823 CBL-Mariner Releases CBL-Mariner Releases 18057-16823 No Security Update 1.29.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18057-16823 CBL-Mariner Releases CBL-Mariner Releases 17786-17084 19966-17084 No Security Update 0.12.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17786-17084 19966-17084 CBL-Mariner Releases CBL-Mariner Releases 17795-17084 19955-17084 No Security Update 0.0.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17795-17084 19955-17084 CBL-Mariner Releases 1.0 2024-01-21T00:00:00 <p>Information published.</p> 1.1 2023-10-16T00:00:00 <p>Information published.</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 1.3 2024-08-25T00:00:00 <p>Information published.</p> 1.4 2024-08-26T00:00:00 <p>Information published.</p> 1.5 2024-08-27T00:00:00 <p>Information published.</p> 1.6 2024-08-28T00:00:00 <p>Information published.</p> 1.7 2024-08-29T00:00:00 <p>Information published.</p> 1.8 2024-08-30T00:00:00 <p>Information published.</p> 1.9 2024-08-31T00:00:00 <p>Information published.</p> 2.0 2024-09-01T00:00:00 <p>Information published.</p> 2.1 2024-09-02T00:00:00 <p>Information published.</p> 2.2 2024-09-03T00:00:00 <p>Information published.</p> 2.3 2024-09-05T00:00:00 <p>Information published.</p> 2.4 2024-09-06T00:00:00 <p>Information published.</p> 2.5 2024-09-07T00:00:00 <p>Information published.</p> 2.6 2024-09-08T00:00:00 <p>Information published.</p> 2.7 2024-09-11T00:00:00 <p>Information published.</p> 2.8 2026-02-18T02:55:42 <p>Information published.</p> libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-45322 Use After Free 18293-16823 17739-17084 19447-17084 18293-16823 17739-17084 19447-17084 Moderate 18293-16823 Moderate 17739-17084 Moderate 19447-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18293-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17739-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19447-17084 CBL-Mariner Releases 18293-16823 No Security Update 2.10.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18293-16823 CBL-Mariner Releases CBL-Mariner Releases 17739-17084 19447-17084 No Security Update 2.11.5-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17739-17084 19447-17084 CBL-Mariner Releases 1.1 2025-01-30T00:00:00 <p>Added libxml2 to Azure Linux 3.0 Added libxml2 to CBL-Mariner 2.0</p> 1.0 2023-10-12T00:00:00 <p>Information published.</p> 1.2 2026-02-18T01:01:48 <p>Information published.</p> Request body not stripped after redirect in urllib3 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-45803 Exposure of Sensitive Information to an Unauthorized Actor 20028-17084 17667-17084 17545-17084 18017-16823 17690-17084 17714-17084 17693-17084 18469-17084 19849-17086 19681-17086 17171-17086 20028-17084 17667-17084 17545-17084 18017-16823 17690-17084 17714-17084 17693-17084 18469-17084 19849-17086 19681-17086 17171-17086 Moderate 20028-17084 Moderate 17667-17084 Moderate 17545-17084 Moderate 18017-16823 Moderate 17690-17084 Moderate 17714-17084 Moderate 17693-17084 Moderate 18469-17084 19849-17086 Moderate 19681-17086 Moderate 17171-17086 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 20028-17084 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17667-17084 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17545-17084 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 18017-16823 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17690-17084 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17714-17084 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17693-17084 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 18469-17084 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 19849-17086 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 19681-17086 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17171-17086 CBL-Mariner Releases 20028-17084 17714-17084 No Security Update 2.0.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20028-17084 17714-17084 CBL-Mariner Releases CBL-Mariner Releases 17545-17084 No Security Update 3.12.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17545-17084 CBL-Mariner Releases CBL-Mariner Releases 18017-16823 No Security Update 1.26.18-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18017-16823 CBL-Mariner Releases CBL-Mariner Releases 17690-17084 17693-17084 No Security Update 24.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17690-17084 17693-17084 CBL-Mariner Releases CBL-Mariner Releases 19849-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19849-17086 CBL-Mariner Releases CBL-Mariner Releases 19681-17086 No Security Update 3.9.19-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19681-17086 CBL-Mariner Releases 2.2 2024-10-25T00:00:00 <p>Added python-pip to Azure Linux 3.0 Added python-urllib3 to Azure Linux 3.0 Added python-urllib3 to CBL-Mariner 2.0</p> 2.3 2025-03-14T00:00:00 <p>Added python3 to Azure Linux 3.0 Added python-pip to Azure Linux 3.0 Added python-urllib3 to Azure Linux 3.0 Added python-urllib3 to CBL-Mariner 2.0</p> 3.0 2025-07-18T00:00:00 <p>Added python3 to CBL-Mariner 2.0 Added python-urllib3 to CBL-Mariner 2.0 Added python3 to Azure Linux 3.0 Added python-pip to Azure Linux 3.0 Added python-urllib3 to Azure Linux 3.0</p> 1.0 2023-10-23T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 4.0 2026-02-20T23:15:38 <p>Information published.</p> An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-45862 Allocation of Resources Without Limits or Throttling 17917-16823 17917-16823 Moderate 17917-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c related to ext4_es_insert_extent. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-45898 Use After Free 17917-16823 17917-16823 Important 17917-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-20T00:00:00 <p>Information published.</p> xkeys Seal encryption used fixed key for all encryption <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-46129 Use of Hard-coded Cryptographic Key 18186-16823 18164-17084 19664-17084 18186-16823 18164-17084 19664-17084 Important 18186-16823 Important 18164-17084 Important 19664-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18186-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18164-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19664-17084 CBL-Mariner Releases 18186-16823 No Security Update 1.27.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18186-16823 CBL-Mariner Releases CBL-Mariner Releases 18164-17084 19664-17084 No Security Update 1.29.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18164-17084 19664-17084 CBL-Mariner Releases 1.2 2026-02-18T02:09:47 <p>Information published.</p> 1.0 2023-11-07T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-46136 Out-of-bounds Write 19958-17084 18276-16823 18277-17084 19958-17084 18276-16823 18277-17084 Important 19958-17084 Important 18276-16823 Important 18277-17084 8.0 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19958-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18276-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18277-17084 CBL-Mariner Releases 19958-17084 18277-17084 No Security Update 3.0.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19958-17084 18277-17084 CBL-Mariner Releases CBL-Mariner Releases 18276-16823 No Security Update 2.3.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18276-16823 CBL-Mariner Releases 1.2 2026-02-18T01:32:43 <p>Information published.</p> 1.0 2023-10-30T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Integer Overflow in :history command in Vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-46246 Integer Overflow or Wraparound 18250-16823 18250-16823 Moderate 18250-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18250-16823 CBL-Mariner Releases 18250-16823 No Security Update 9.0.2112-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18250-16823 CBL-Mariner Releases 1.0 2023-10-30T00:00:00 <p>Information published.</p> An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data leading to a crash. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-46752 20139-17084 18275-16823 18267-17084 20139-17084 18275-16823 18267-17084 Moderate 20139-17084 Moderate 18275-16823 Moderate 18267-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20139-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18275-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18267-17084 CBL-Mariner Releases 20139-17084 18267-17084 No Security Update 9.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20139-17084 18267-17084 CBL-Mariner Releases CBL-Mariner Releases 18275-16823 No Security Update 8.5.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18275-16823 CBL-Mariner Releases 1.2 2026-02-18T02:14:23 <p>Information published.</p> 1.0 2023-10-30T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes e.g. one with only an unknown transit attribute. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-46753 Incorrect Authorization 20139-17084 18275-16823 18267-17084 20139-17084 18275-16823 18267-17084 Moderate 20139-17084 Moderate 18275-16823 Moderate 18267-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20139-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18275-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18267-17084 CBL-Mariner Releases 20139-17084 18267-17084 No Security Update 9.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20139-17084 18267-17084 CBL-Mariner Releases CBL-Mariner Releases 18275-16823 No Security Update 8.5.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18275-16823 CBL-Mariner Releases 1.0 2023-11-01T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-18T02:11:25 <p>Information published.</p> An issue was discovered in the Linux kernel before 6.5.9 exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-46813 17785-17084 18259-16823 17748-17084 17785-17084 18259-16823 17748-17084 Important 17785-17084 Important 18259-16823 Important 17748-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17785-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18259-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17748-17084 CBL-Mariner Releases 17785-17084 17748-17084 No Security Update 6.6.29.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17785-17084 17748-17084 CBL-Mariner Releases CBL-Mariner Releases 18259-16823 No Security Update 5.15.137.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18259-16823 CBL-Mariner Releases 1.2 2026-02-19T01:03:52 <p>Information published.</p> 1.0 2023-11-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> In Memcached before 1.6.22 a buffer overflow exists when processing multiget requests in proxy mode if there are many spaces after the "get" substring. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-46852 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 18273-16823 18274-17084 19776-17084 18273-16823 18274-17084 19776-17084 Important 18273-16823 Important 18274-17084 Important 19776-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18273-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18274-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19776-17084 CBL-Mariner Releases 18273-16823 No Security Update 1.6.22-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18273-16823 CBL-Mariner Releases CBL-Mariner Releases 18274-17084 19776-17084 No Security Update 1.6.27-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18274-17084 19776-17084 CBL-Mariner Releases 1.0 2023-10-31T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-18T01:07:52 <p>Information published.</p> An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-46862 NULL Pointer Dereference 18220-16823 18220-16823 Moderate 18220-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 18220-16823 CBL-Mariner Releases 18220-16823 No Security Update 5.15.143.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18220-16823 CBL-Mariner Releases 1.0 2023-11-08T00:00:00 <p>Information published.</p> Grub2: out-of-bounds read at fs/ntfs.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-4693 Out-of-bounds Read 18278-16823 18279-17084 19663-17084 18278-16823 18279-17084 19663-17084 Moderate 18278-16823 Moderate 18279-17084 Moderate 19663-17084 4.6 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18278-16823 4.6 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18279-17084 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 19663-17084 CBL-Mariner Releases 18278-16823 No Security Update 2.06-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18278-16823 CBL-Mariner Releases CBL-Mariner Releases 18279-17084 19663-17084 No Security Update 2.06-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18279-17084 19663-17084 CBL-Mariner Releases 1.0 2023-10-27T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-19T01:02:45 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-5344 18290-16823 18290-16823 Important 18290-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18290-16823 CBL-Mariner Releases 18290-16823 No Security Update 9.0.2010-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18290-16823 CBL-Mariner Releases 1.0 2023-10-05T00:00:00 <p>Information published.</p> Use-after-free in Linux kernel's fs/smb/client component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-5345 Use After Free 17834-16823 17917-16823 17834-16823 17917-16823 Important 17834-16823 Important 17917-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17834-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17917-16823 CBL-Mariner Releases 17834-16823 No Security Update 5.15.135.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17834-16823 CBL-Mariner Releases CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-11T00:00:00 <p>Information published.</p> 1.1 2023-11-01T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> Incorrect cipher key & IV length processing <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2023-5363 Incorrect Provision of Specified Functionality 19801-17086 19807-17084 17459-17084 16977-16823 16982-17084 19809-17086 17238-17086 19801-17086 19807-17084 17459-17084 16977-16823 16982-17084 19809-17086 17238-17086 Important 19801-17086 Important 19807-17084 Important 17459-17084 Important 16977-16823 Important 16982-17084 19809-17086 Important 17238-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19801-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19807-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17459-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 16977-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 16982-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19809-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17238-17086 CBL-Mariner Releases 19801-17086 19807-17084 No Security Update 38.0.72.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19801-17086 19807-17084 CBL-Mariner Releases CBL-Mariner Releases 16977-16823 16982-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16977-16823 16982-17084 CBL-Mariner Releases CBL-Mariner Releases 19809-17086 17238-17086 No Security Update 1.0.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19809-17086 17238-17086 CBL-Mariner Releases 1.0 2023-10-31T00:00:00 <p>Information published.</p> 1.1 2024-07-13T00:00:00 <p>Information published.</p> 1.2 2024-08-29T00:00:00 <p>Information published.</p> 1.3 2024-08-30T00:00:00 <p>Information published.</p> 1.4 2024-08-31T00:00:00 <p>Information published.</p> 1.5 2024-09-01T00:00:00 <p>Information published.</p> 1.6 2024-09-02T00:00:00 <p>Information published.</p> 1.7 2024-09-03T00:00:00 <p>Information published.</p> 1.8 2024-09-05T00:00:00 <p>Information published.</p> 1.9 2024-09-06T00:00:00 <p>Information published.</p> 2.0 2024-09-07T00:00:00 <p>Information published.</p> 2.1 2024-09-08T00:00:00 <p>Information published.</p> 2.2 2024-09-11T00:00:00 <p>Information published.</p> 2.3 2024-11-28T00:00:00 <p>Added hvloader to CBL-Mariner 2.0 Added cloud-hypervisor-cvm to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 Added cloud-hypervisor-cvm to Azure Linux 3.0</p> 3.0 2026-02-19T01:53:27 <p>Information published.</p> Xorg-x11-server: use-after-free bug in destroywindow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5380 Use After Free 17430-16823 17430-16823 Moderate 17430-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17430-16823 CBL-Mariner Releases 17430-16823 No Security Update 1.20.10-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17430-16823 CBL-Mariner Releases 1.0 2023-10-30T00:00:00 <p>Information published.</p> NULL Pointer Dereference in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-5441 18290-16823 18290-16823 Moderate 18290-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18290-16823 CBL-Mariner Releases 18290-16823 No Security Update 9.0.2010-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18290-16823 CBL-Mariner Releases 1.0 2023-10-09T00:00:00 <p>Information published.</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-5535 18290-16823 18290-16823 Important 18290-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18290-16823 CBL-Mariner Releases 18290-16823 No Security Update 9.0.2010-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18290-16823 CBL-Mariner Releases 1.0 2024-07-12T00:00:00 <p>Information published.</p> Xorg-x11-server: use-after-free bug in damagedestroy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5574 Use After Free 17430-16823 17430-16823 Important 17430-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17430-16823 CBL-Mariner Releases 17430-16823 No Security Update 1.20.10-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17430-16823 CBL-Mariner Releases 1.0 2023-10-30T00:00:00 <p>Information published.</p> Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-5717 Out-of-bounds Write 18260-16823 18259-16823 18260-16823 18259-16823 Important 18260-16823 Important 18259-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18260-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18259-16823 CBL-Mariner Releases 18260-16823 18259-16823 No Security Update 5.15.137.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18260-16823 18259-16823 CBL-Mariner Releases 1.0 2023-11-04T00:00:00 <p>Information published.</p> 1.1 2023-11-08T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> Mercurial configuration injectable in repo revision when installing via pip <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PSF Yes CVE-2023-5752 Improper Neutralization of Special Elements used in a Command ('Command Injection') 18469-17084 19964-17084 17712-17084 17667-17084 19849-17086 19681-17086 17171-17086 18469-17084 19964-17084 17712-17084 17667-17084 19849-17086 19681-17086 17171-17086 Low 18469-17084 Low 19964-17084 Low 17712-17084 Low 17667-17084 19849-17086 Moderate 19681-17086 Moderate 17171-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 18469-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 19964-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 17712-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 17667-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 19849-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 19681-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 17171-17086 CBL-Mariner Releases 19964-17084 17712-17084 No Security Update 3.12.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19964-17084 17712-17084 CBL-Mariner Releases CBL-Mariner Releases 19681-17086 No Security Update 3.9.19-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19681-17086 CBL-Mariner Releases 2.0 2025-07-18T00:00:00 <p>Added python3 to CBL-Mariner 2.0 Added python3 to Azure Linux 3.0</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 3.0 2026-02-18T15:14:42 <p>Information published.</p> Openvswitch don't match packets on nd_target field <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5366 Insufficient Verification of Data Authenticity 18166-16823 18167-17084 18166-16823 18167-17084 Moderate 18166-16823 Moderate 18167-17084 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 18166-16823 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 18167-17084 CBL-Mariner Releases 18166-16823 No Security Update 2.17.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18166-16823 CBL-Mariner Releases CBL-Mariner Releases 18167-17084 No Security Update 3.3.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18167-17084 CBL-Mariner Releases 1.0 2025-10-01T23:11:33 <p>Information published.</p> twisted.web has disordered HTTP pipeline response <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-46137 Inconsistent Interpretation of HTTP Requests (&#39;HTTP Request/Response Smuggling&#39;) 18263-16823 18264-17084 18263-16823 18264-17084 Moderate 18263-16823 Moderate 18264-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 18263-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 18264-17084 CBL-Mariner Releases 18263-16823 18264-17084 No Security Update 22.10.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18263-16823 18264-17084 CBL-Mariner Releases 1.0 2025-02-14T00:00:00 <p>Information published.</p> 2.0 2025-03-27T00:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server.</p> Windows Message Queuing Microsoft Yes CVE-2023-35349 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> wkai with Codesafe Team of Legendsec at QI-ANXIN Group <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Runtime Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Client/Server Runtime Subsystem Microsoft Yes CVE-2023-36902 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 CHEN QINGYANG with Topsec Alpha Team 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft QUIC Denial of Service Vulnerability <p><strong>Where can I find more information?</strong></p> <p>Please see the GitHub Advisory relating to this vulnerability here: <a href="https://github.com/microsoft/msquic/security/advisories/GHSA-xh5m-8qqp-c5x7#event-111621">https://github.com/microsoft/msquic/security/advisories/GHSA-xh5m-8qqp-c5x7#event-111621</a></p> Microsoft QUIC Microsoft Yes CVE-2023-38171 NULL Pointer Dereference 12051 12129 12187 12222 11923 11924 11926 11927 12085 12086 12130 12131 Denial of Service 12051 Denial of Service 12129 Denial of Service 12187 Denial of Service 12222 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 12085 Denial of Service 12086 Denial of Service 12130 Denial of Service 12131 Important 12051 Important 12129 Important 12187 Important 12222 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Important 12130 Important 12131 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12129 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12187 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12222 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12130 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12131 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.21 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.9 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.7 12222 Maybe Security Update 17.7.6 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12222 Release Notes 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5032875 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.13 https://support.microsoft.com/help/5032875 12130 5032875 Release Notes https://github.com/PowerShell/Announcements/issues/53 12131 Maybe Security Update 7.3.9 https://github.com/PowerShell/Announcements/issues/53 12131 Release Notes <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2023-10-10T07:00:00 <p>Information published.</p> 3.0 2024-12-10T08:00:00 <p>To comprehensively address CVE-2023-38171, Microsoft released security updates on October 24, 2023 for all affected versions of .NET and Microsoft Visual Studio.</p> <p>Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 2.0 2023-10-26T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.3 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/53">https://github.com/PowerShell/Announcements/issues/53</a> for more information.</p> Azure Network Watcher VM Agent Elevation of Privilege Vulnerability <p><strong>What is Network Watcher?</strong></p> <p>Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network. Network Watcher is designed to monitor and repair the network health of IaaS (Infrastructure-as-a-Service) products including Virtual Machines (VM), Virtual Networks, Application Gateways, Load balancers, etc. For more details, please refer to: <a href="https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview">What is Azure Network Watcher?</a>.</p> <p><strong>What privileges would an attacker gain by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could route Packet Captures to a location in their control and perform file deletions that would limit the victim's troubleshooting and diagnostic capabilities.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An attacker must have access to the target virtual machine as an <a href="https://learn.microsoft.com/en-us/azure/role-based-access-control/overview">RBAC user</a> with <a href="https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#all">Reader role</a> permissions or above.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). What does this mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability, an attacker would need access to the virtual machine to be able to interfere with the Network Watcher Agent installation process.</p> <p><strong>Is there any action Azure customers need to take?</strong></p> <p>Azure customers who have enabled auto updates are mitigated automatically by the update deployed across Azure and do not need to take any action. Customers <strong>without</strong> auto updates enabled must re-install the NetworkWatcher Extension on their virtual machines to mitigate the risks of this vulnerability. These customers will receive additional messaging through the Azure Portal via Azure Service Health with further guidance.</p> Azure Microsoft Yes CVE-2023-36737 Improper Link Resolution Before File Access ('Link Following') 12127 Elevation of Privilege 12127 Important 12127 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12127 Release Notes https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/network-watcher-update?tabs=windows 12127 Maybe Security Update 1.4.2798.3 https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/network-watcher-update?tabs=windows 12127 Release Notes <a href="https://twitter.com/linhlhq">L&#234; Hữu Quang Linh</a> with <a href="https://twitter.com/starlabs_sg">STAR Labs SG Pte. Ltd.</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Skype for Business Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this path traversal vulnerability by leveraging the OcsPowershell endpoint within Skype for Business Server 2019 CU7 Hotfix 2 and Skype for Business Server 2015 CU13 Hotfix 1.</p> <p>Exploitation of this vulnerability requires the authenticated remote user be granted either the CsVoiceAdministrator or CsServerAdministrator role in order to create arbitrary files on the server.</p> <p>This exploit would allow the attacker to execute arbitrary code on the server.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to be granted an administrative role in the Skype for Business Control Panel.</p> <p>To help retain security and role-based access control integrity, add users to the groups that define what role the user performs in management of the Skype for Business Server deployment.</p> Skype for Business Microsoft Yes CVE-2023-36786 Absolute Path Traversal 12224 12223 Remote Code Execution 12224 Remote Code Execution 12223 Important 12224 Important 12223 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12224 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12223 3061064 https://www.microsoft.com/download/details.aspx?familyid=0d08ed37-106a-456f-a5c6-61df22588bec 12224 Maybe Security Update 6.0.9319.869 https://support.microsoft.com/help/3061064 12224 3061064 3061064 https://support.microsoft.com/help/3061064 12224 4470124 https://support.microsoft.com/help/4470124 12223 Maybe Security Update 7.0.246.530 https://support.microsoft.com/help/4470124 12223 4470124 4470124 https://support.microsoft.com/help/4470124 12223 Anonymous 1.0 2023-10-10T07:00:00 <p>Information published.</p> Skype for Business Remote Code Execution Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could execute code in the security context of the “NT AUTHORITY\Network Service” account.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to be granted an administrative role in the Skype for Business Control Panel.</p> <p>To help retain security and role-based access control integrity, add users to the groups that define what role the user performs in management of the Skype for Business Server deployment.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by leveraging the OcsPowershell endpoint within Skype for Business 2019 and elevate their privileges to execute code as NT Authority\Network Service user.</p> <p>Exploitation of this vulnerability requires the authenticated remote user be granted either the CsVoiceAdministrator or CsServerAdministrator role.</p> Skype for Business Microsoft Yes CVE-2023-36789 Improper Control of Generation of Code ('Code Injection') 12223 12224 Remote Code Execution 12223 Remote Code Execution 12224 Important 12223 Important 12224 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12223 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12224 4470124 https://support.microsoft.com/help/4470124 12223 Maybe Security Update 7.0.246.530 https://support.microsoft.com/help/4470124 12223 4470124 4470124 https://support.microsoft.com/help/4470124 12223 3061064 https://www.microsoft.com/download/details.aspx?familyid=0d08ed37-106a-456f-a5c6-61df22588bec 12224 Maybe Security Update 6.0.9319.869 https://support.microsoft.com/help/3061064 12224 3061064 3061064 https://support.microsoft.com/help/3061064 12224 Anonymous 1.0 2023-10-10T07:00:00 <p>Information published.</p> Skype for Business Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could make a specially crafted network call to the target Skype for Business server, which could cause the parsing of an http request made to an arbitrary address. This could disclose IP addresses or port numbers or both to the attacker.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>If the successful attacker only could view some sensitive information, how is this an elevation of privilege vulnerability?</strong></p> <p>In some cases, the exposed sensitive information could provide access to internal networks.</p> Skype for Business Microsoft Yes CVE-2023-41763 Server-Side Request Forgery (SSRF) 12224 12223 Elevation of Privilege 12224 Elevation of Privilege 12223 Important 12224 Important 12223 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 5.3 4.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12224 5.3 4.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12223 3061064 https://www.microsoft.com/download/details.aspx?familyid=0d08ed37-106a-456f-a5c6-61df22588bec 12224 Maybe Security Update 6.0.9319.869 https://support.microsoft.com/help/3061064 12224 3061064 3061064 https://support.microsoft.com/help/3061064 12224 4470124 https://support.microsoft.com/help/4470124 12223 Maybe Security Update 7.0.246.530 https://support.microsoft.com/help/4470124 12223 4470124 4470124 https://support.microsoft.com/help/4470124 12223 Anonymous Dr. Florian Hauser (@frycos) with Code White GmbH Anonymous Anonymous 1.0 2023-10-10T07:00:00 <p>Information published.</p> Layer 2 Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Layer 2 Tunneling Protocol Microsoft Yes CVE-2023-41765 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>The following mitigation might be helpful in your situation:</p> <p>This vulnerability is only exploitable on Windows Servers that have installed and configured the Routing and Remote Access Service (RRAS) role with L2TP support, which is not installed and configured by default.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140(v=ws.11)">Routing and Remote Access Server (RRAS) | Microsoft Learn</a> for more information. You might also benefit by reading more about Roles here: <a href="https://learn.microsoft.com/en-us/windows-server/administration/server-core/server-core-roles-and-services">Roles, Role Services, and Features included in Windows Server - Server Core | Microsoft Learn</a>.</p> <a href="https://twitter.com/ze0rx">Guanghui Xia(@ze0r)</a> with Hebei Huace 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.2 2023-10-16T07:00:00 <p>Added mitigation. This is an informational change only.</p> Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Client Server Run-time Subsystem (CSRSS) Microsoft Yes CVE-2023-41766 Untrusted Search Path 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Naceri with MSRC Vulnerabilities &amp; Mitigations 1.0 2023-10-10T07:00:00 <p>Information published.</p> Layer 2 Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Layer 2 Tunneling Protocol Microsoft Yes CVE-2023-41770 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Microsoft’s Windows Servicing and Delivery Group – Network Security and Containers (NSC) Team 1.0 2023-10-10T07:00:00 <p>Information published.</p> Layer 2 Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Layer 2 Tunneling Protocol Microsoft Yes CVE-2023-41768 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Microsoft’s Windows Servicing and Delivery Group – Network Security and Containers (NSC) Team 1.0 2023-10-10T07:00:00 <p>Information published.</p> Layer 2 Tunneling Protocol Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Layer 2 Tunneling Protocol Microsoft Yes CVE-2023-41767 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Microsoft’s Windows Servicing and Delivery Group – Network Security and Containers (NSC) Team 1.0 2023-10-10T07:00:00 <p>Information published.</p> Layer 2 Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Layer 2 Tunneling Protocol Microsoft Yes CVE-2023-41771 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Microsoft’s Windows Servicing and Delivery Group – Network Security and Containers (NSC) Team 1.0 2023-10-10T07:00:00 <p>Information published.</p> Layer 2 Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Layer 2 Tunneling Protocol Microsoft Yes CVE-2023-41769 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Microsoft’s Windows Servicing and Delivery Group – Network Security and Containers (NSC) Team 1.0 2023-10-10T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2023-41772 Improper Access Control 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 <a href="https://www.linkedin.com/in/sascha-meyer-7656201a8">Sascha Meyer</a> with <a href="https://gai-netconsult.de/">GAI NetConsult</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Layer 2 Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Layer 2 Tunneling Protocol Microsoft Yes CVE-2023-41773 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Microsoft’s Windows Servicing and Delivery Group – Network Security and Containers (NSC) Team 1.0 2023-10-10T07:00:00 <p>Information published.</p> Layer 2 Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Layer 2 Tunneling Protocol Microsoft Yes CVE-2023-41774 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Microsoft’s Windows Servicing and Delivery Group – Network Security and Containers (NSC) Team 1.0 2023-10-10T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2023-36732 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Marcin Wiazowski working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2023-36731 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Marcin Wiazowski working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft ODBC Driver 17 or 18 for SQL Server. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft ODBC Driver 17 or 18 for SQL Server. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5029503</td> <td>Security update for SQL Server 2022 CU8+GDR</td> <td>16.0.4003.1 - 16.0.4075.1</td> <td>KB 5029666 - SQL2022 RTM CU8</td> </tr> <tr> <td>5029379</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1050.5</td> <td>KB 5021522 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5029378</td> <td>Security update for SQL Server 2019 CU22+GDR</td> <td>15.0.4003.23 - 15.0.4322.2</td> <td>KB 5027702 - SQL2019 RTM CU22</td> </tr> <tr> <td>5029377</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2101.7</td> <td>KB 5021125 - Previous SQL2019 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the client receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> SQL Server Microsoft Yes CVE-2023-36730 Heap-based Buffer Overflow 11821 12147 12193 12194 12195 12196 12197 12198 12229 12230 Remote Code Execution 11821 Remote Code Execution 12147 Remote Code Execution 12193 Remote Code Execution 12194 Remote Code Execution 12195 Remote Code Execution 12196 Remote Code Execution 12197 Remote Code Execution 12198 Remote Code Execution 12229 Remote Code Execution 12230 Important 11821 Important 12147 Important 12193 Important 12194 Important 12195 Important 12196 Important 12197 Important 12198 Important 12229 Important 12230 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12193 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12194 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12195 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12196 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12197 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12198 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12229 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12230 5029377 https://www.microsoft.com/download/details.aspx?familyid=4ad4dd87-9e09-4848-92b0-4c06058a8fcf 5021125 11821 Maybe Security Update 15.0.2104.1 https://support.microsoft.com/help/5029377 11821 5029377 5029379 https://www.microsoft.com/download/details.aspx?familyid=59387692-a103-47b7-aae0-96a679fdd2e6 5021522 12147 Maybe Security Update 16.0.1105.1 https://support.microsoft.com/help/5029379 12147 5029379 Release Notes https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17105 12193 Maybe Security Update 17.10.5.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17105 12193 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/release-notes-odbc-sql-server-linux-mac#1832-october-2023 12194 Maybe Security Update 17.10.5.1 https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12194 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/release-notes-odbc-sql-server-linux-mac#17105-october-2023 12195 Maybe Security Update 17.10.5.1 https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17 12195 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1832 12196 Maybe Security Update 18.3.2.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1832 12196 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/release-notes-odbc-sql-server-linux-mac#1832-october-2023 12197 12198 Maybe Security Update 18.3.2.1 https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12197 12198 Release Notes 5029503 https://www.microsoft.com/download/details.aspx?familyid=93bbe74d-c4b6-49d7-844d-7990605a5e7e 12229 Maybe Security Update 16.0.4080.1 https://support.microsoft.com/help/5029503 12229 5029503 5029378 https://www.microsoft.com/download/details.aspx?familyid=133ae486-39ae-43a4-a2b8-248af9727190 5021124 12230 Maybe Security Update 15.0.4326.1 https://support.microsoft.com/help/5029378 12230 5029378 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <p>Exploitation of this vulnerability requires an attacker to trick or convince the victim into connecting to their malicious server. If your environment only connects to known, trusted servers and there is no ability to reconfigure existing connections to point to another location (for example you use TLS encryption with certificate validation), the vulnerability cannot be exploited.</p> bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-10-11T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Named Pipe File System Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Named Pipe File System Microsoft Yes CVE-2023-36729 Stack-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 greenbamboo 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft SQL Server Denial of Service Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?</strong></p> <p>An attacker could impact availability of the service resulting in Denial of Service (DoS).</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft ODBC Driver 17 (or 18) for SQL Server or Microsoft OLE DB Driver 18 (or 19). Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft ODBC Driver 17 (or 18) for SQL Server or Microsoft OLE DB Driver 18 (or 19). Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5029503</td> <td>Security update for SQL Server 2022 CU8+GDR</td> <td>16.0.4003.1 - 16.0.4075.1</td> <td>KB 5029666 - SQL2022 RTM CU8</td> </tr> <tr> <td>5029379</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1050.5</td> <td>KB 5021522 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5029378</td> <td>Security update for SQL Server 2019 CU22+GDR</td> <td>15.0.4003.23 - 15.0.4322.2</td> <td>KB 5027702 - SQL2019 RTM CU22</td> </tr> <tr> <td>5029377</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2101.7</td> <td>KB 5021125 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5029376</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3460.9</td> <td>KB 5021126 - SQL2017 RTM CU31</td> </tr> <tr> <td>5029375</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2047.8</td> <td>KB 5021127 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5029187</td> <td>Security update for SQL Server 2016 SP3 Azure Connect Feature Pack+GDR</td> <td>13.0.7000.253 - 13.0.7024.30</td> <td>KB 5021128 - Previous Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5029186</td> <td>Security update for SQL Server 2016 SP3+GDR</td> <td>13.0.6300.2 - 13.0.6430.49</td> <td>KB 5021129 - Previous SQL2016 SP3 GDR</td> </tr> <tr> <td>5029185</td> <td>Security update for SQL Server 2014 SP3 CU4+GDR</td> <td>12.0.6205.1 - 12.0.6444.4</td> <td>KB 5021045 - SQL2014 SP3 CU4</td> </tr> <tr> <td>5029184</td> <td>Security update for SQL Server 2014 SP3+GDR</td> <td>12.0.6024.0 - 12.0.6174.8</td> <td>KB 5021037 - Previous SQL2014 SP3 GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2023-36728 Out-of-bounds Read 12230 12229 11478 11667 11671 11672 11821 11825 12048 12053 12145 12147 12180 12181 12193 12194 12195 12196 12197 12198 Denial of Service 12230 Denial of Service 12229 Denial of Service 11478 Denial of Service 11667 Denial of Service 11671 Denial of Service 11672 Denial of Service 11821 Denial of Service 11825 Denial of Service 12048 Denial of Service 12053 Denial of Service 12145 Denial of Service 12147 Denial of Service 12180 Denial of Service 12181 Denial of Service 12193 Denial of Service 12194 Denial of Service 12195 Denial of Service 12196 Denial of Service 12197 Denial of Service 12198 Important 12230 Important 12229 Important 11478 Important 11667 Important 11671 Important 11672 Important 11821 Important 11825 Important 12048 Important 12053 Important 12145 Important 12147 Important 12180 Important 12181 Important 12193 Important 12194 Important 12195 Important 12196 Important 12197 Important 12198 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12230 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12229 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11478 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11667 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11671 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11672 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11821 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11825 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12048 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12053 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12145 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12147 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12180 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12181 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12193 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12194 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12195 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12196 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12197 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12198 5029378 https://www.microsoft.com/download/details.aspx?familyid=133ae486-39ae-43a4-a2b8-248af9727190 5021124 12230 Maybe Security Update 15.0.4326.1 https://support.microsoft.com/help/5029378 12230 5029378 5029503 https://www.microsoft.com/download/details.aspx?familyid=93bbe74d-c4b6-49d7-844d-7990605a5e7e 12229 Maybe Security Update 16.0.4080.1 https://support.microsoft.com/help/5029503 12229 5029503 5029375 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 5021127 11478 Maybe Security Update 14.0.2052.1 https://support.microsoft.com/help/5029375 11478 5029375 5029184 https://www.microsoft.com/download/details.aspx?familyid=8a363441-5900-45ba-a6c0-be5c6e865074 5021037 11667 11671 Maybe Security Update 12.0.6179.1 https://support.microsoft.com/help/5029184 11667 11671 5029184 5029185 https://www.microsoft.com/download/details.aspx?familyid=22c5bb82-69e3-4c28-a833-f1017c5ff826 5021045 11672 11825 Maybe Security Update 12.0.6449.1 https://support.microsoft.com/help/5029185 11672 11825 5029185 5029377 https://www.microsoft.com/download/details.aspx?familyid=4ad4dd87-9e09-4848-92b0-4c06058a8fcf 5021125 11821 Maybe Security Update 15.0.2104.1 https://support.microsoft.com/help/5029377 11821 5029377 5029186 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 5021129 12048 Maybe Security Update 13.0.6435.1 https://support.microsoft.com/help/5029186 12048 5029186 5029187 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 5021128 12053 Maybe Security Update 13.0.7029.3 https://support.microsoft.com/help/5029187 12053 5029187 5029376 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 5021126 12145 Maybe Security Update 14.0.3465.1 https://support.microsoft.com/help/5029376 12145 5029376 5029379 https://www.microsoft.com/download/details.aspx?familyid=59387692-a103-47b7-aae0-96a679fdd2e6 5021522 12147 Maybe Security Update 16.0.1105.1 https://support.microsoft.com/help/5029379 12147 5029379 Release Notes https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1932 12180 Maybe Security Update 19.3.0002.0 https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1932 12180 Release Notes Release Notes https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1867 12181 Maybe Security Update 18.6.0007.0 https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1867 12181 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17105 12193 Maybe Security Update 17.10.5.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17105 12193 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/release-notes-odbc-sql-server-linux-mac#1832-october-2023 12194 Maybe Security Update 17.10.5.1 https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12194 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/release-notes-odbc-sql-server-linux-mac#17105-october-2023 12195 Maybe Security Update 17.10.5.1 https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17 12195 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1832 12196 Maybe Security Update 18.3.2.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1832 12196 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/release-notes-odbc-sql-server-linux-mac#1832-october-2023 12197 12198 Maybe Security Update 18.3.2.1 https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12197 12198 Release Notes <a href="https://twitter.com/vv474172261">VictorV(Tang tianwen)</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-10-11T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.2 2023-11-14T08:00:00 <p>Updated links to security updates. This is an informational change only.</p> Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> Windows IKE Extension Microsoft Yes CVE-2023-36726 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows NT OS Kernel Microsoft Yes CVE-2023-36725 Improper Access Control 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 Anonymous 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Power Management Service Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> Windows Power Management Service Microsoft Yes CVE-2023-36724 Improper Authentication 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Daniel F. 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Container Manager Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> Windows Container Manager Service Microsoft Yes CVE-2023-36723 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Active Directory Domain Services Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to have specific privileges and to use a brute force method to discover an attribute.</p> Active Directory Domain Services Microsoft Yes CVE-2023-36722 Improper Access Control 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Andrew Bartlett with <a href="https://catalyst.net.nz/services/samba">Catalyst</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Error Reporting Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Error Reporting Microsoft Yes CVE-2023-36721 Improper Privilege Management 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 <a href="https://twitter.com/securiteam_ssd">Anonymous</a> with <a href="https://ssd-disclosure.com/">SSD Secure Disclosure</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Mixed Reality Developer Tools Denial of Service Vulnerability Windows Mixed Reality Developer Tools Microsoft Yes CVE-2023-36720 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 Charles Truluck with Clemson University and Tillson Galloway with Georgia Tech 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability <p><strong>According to the CVSS Metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability would rely upon complex memory shaping techniques to attempt an attack.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Virtual Trusted Platform Module?</strong></strong></p> <p>Yes, the attacker must be authenticated as a guest mode user to escape the virtual machine.</p> Windows Virtual Trusted Platform Module Microsoft Yes CVE-2023-36718 11569 11571 11572 11923 11924 11926 11927 11931 12085 12086 12097 10735 10853 10816 10855 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 10735 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 10735 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11569 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11569 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11931 12097 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10853 10816 10855 5031362 <a href="https://twitter.com/rthhh17">HongZhenhao</a> with <a href="https://twitter.com/tiangonglab">TianGong Team of Legendsec at Qi&#39;anxin Group</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Virtual Trusted Platform Module Denial of Service Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.</p> Windows TPM Microsoft Yes CVE-2023-36717 11569 11571 11572 11923 11924 11926 11927 11931 12085 12086 12097 10735 10853 10816 10855 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 10735 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11931 Important 12085 Important 12086 Important 12097 Important 10735 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11569 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11569 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11931 12097 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10853 10816 10855 5031362 <a href="https://twitter.com/rthhh17">HongZhenhao</a> with <a href="https://twitter.com/tiangonglab">TianGong Team of Legendsec at Qi&#39;anxin Group</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Common Log File System Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Common Log File System Driver Microsoft Yes CVE-2023-36713 Use of Uninitialized Resource 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://twitter.com/tacbliw">Lê Trần Hải Tùng</a> and Namnp of Viettel Cyber Security 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious input file and convince the user to open said input file.</p> Windows Kernel Microsoft Yes CVE-2023-36712 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Yossef Kuszer with Intel Corporation 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Runtime C++ Template Library Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker would only be able to move targeted files on a system.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker would only be able to delete targeted files on a system.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could create or delete files in the security context of the “NT AUTHORITY\ LOCAL SERVICE” account.</p> Windows Runtime C++ Template Library Microsoft Yes CVE-2023-36711 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Media Foundation Core Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Windows Media Foundation Microsoft Yes CVE-2023-36710 Numeric Truncation Error 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://twitter.com/nachoskrnl">Ben Barnea</a> with <a href="https://www.akamai.com/">Akamai Technologies</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft AllJoyn API Denial of Service Vulnerability Windows AllJoyn API Microsoft Yes CVE-2023-36709 NULL Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 <a href="https://twitter.com/baixia4">Jarvis_1oop</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Deployment Services Denial of Service Vulnerability Windows Deployment Services Microsoft Yes CVE-2023-36707 Improper Input Validation 11571 11572 11923 11924 10816 10855 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10816 10855 5031362 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Anonymous 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Deployment Services Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Deployment Services Microsoft Yes CVE-2023-36706 Improper Input Validation 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Anonymous 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Setup Files Cleanup Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Setup Files Cleanup Microsoft Yes CVE-2023-36704 Use of Uninitialized Resource 11568 11569 11570 11571 11572 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 kap0k 1.0 2023-10-10T07:00:00 <p>Information published.</p> DHCP Server Service Denial of Service Vulnerability Windows DHCP Server Microsoft Yes CVE-2023-36703 Uncontrolled Resource Consumption 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://www.netciip.com/">linfeng with hebei huace</a> with <a href="https://www.netciip.com/">guanghui-xia with hebei huace</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft DirectMusic Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Microsoft DirectMusic Microsoft Yes CVE-2023-36702 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://twitter.com/tacbliw">L&#234; Trần Hải T&#249;ng (@tacbliw)</a> with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a> <a href="https://twitter.com/quangnh89">Nguyễn Hồng Quang (@quangnh89)</a> with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Resilient File System (ReFS) Microsoft Yes CVE-2023-36701 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://twitter.com/20brokensp">Sam Pope</a> with MSRC Vulnerabilities &amp; Mitigations and Benjamin Rodes with Microsoft CodeQL 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Kernel Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the Windows Arbitrary Code Guard exploit protection feature.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker can craft a malicious file that would bypass the Arbitrary Code Guard (ACG) exploit protection feature. However, after ACG is bypassed, while the data processed or protected can't be fully trusted, the attacker does not have full control over an exploited component with only this bypass. As a result, confidentiality of information resources managed by Windows is not in itself compromised (C:N), but both system integrity (I:L) and system availability (A:L) might experience limited compromises by this bypass.</p> <p>For more on this feature please see: <a href="https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exploit-protection-reference?view=o365-worldwide#arbitrary-code-guard">Arbitrary code guard</a>.</p> Windows Kernel Microsoft Yes CVE-2023-36698 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11568 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11569 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11570 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11571 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11572 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11923 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11924 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11926 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11927 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11929 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11930 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11931 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12085 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12086 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12097 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12098 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12099 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-11-06T08:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> Windows Message Queuing Microsoft Yes CVE-2023-36697 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> wkai with Codesafe Team of Legendsec at QI-ANXIN Group 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-10-17T07:00:00 <p>Added mitigation. This is an informational change only.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing Microsoft Yes CVE-2023-36606 Uncontrolled Resource Consumption 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Named Pipe Filesystem Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Named Pipe File System Microsoft Yes CVE-2023-36605 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 greenbamboo 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows TCP/IP Denial of Service Vulnerability Windows TCP/IP Microsoft Yes CVE-2023-36603 NULL Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</p> <p>This vulnerability requires a non-default firewall setting of <strong>EnablePacketQueue</strong>. With the default configuration of <strong>EnablePacketQueue</strong> as <strong>Not configured (none)</strong>, systems are not vulnerable. This setting can be set through Intune/MDM or a group policy setting. <strong>EnablePacketQueue</strong> is an Intune Endpoint Protection feature, but also a standard firewall feature. For more information, see <a href="https://learn.microsoft.com/en-us/windows/client-management/mdm/firewall-csp">Firewall CSP</a>.</p> Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows TCP/IP Denial of Service Vulnerability Windows TCP/IP Microsoft Yes CVE-2023-36602 NULL Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft WDAC ODBC Driver Microsoft Yes CVE-2023-36598 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Remote Procedure Call Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Remote Procedure Call Microsoft Yes CVE-2023-36596 Untrusted Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-11-06T08:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2023-36594 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Marcin Wiazowski working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> <a href="https://twitter.com/jq0904">Quan Jin</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> Windows Message Queuing Microsoft Yes CVE-2023-36593 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> Windows Message Queuing Microsoft Yes CVE-2023-36592 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> Windows Message Queuing Microsoft Yes CVE-2023-36591 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> Windows Message Queuing Microsoft Yes CVE-2023-36590 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> Windows Message Queuing Microsoft Yes CVE-2023-36589 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows upnphost.dll Denial of Service Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?</strong></p> <p>An attacker could impact availability of the service resulting in Denial of Service (DoS).</p> Windows UPnP Device Host Microsoft Yes CVE-2023-36585 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://twitter.com/vv474172261">VictorV (Tang tianwen)</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-12-13T08:00:00 <p>Corrected CVE title. This is an informational change only.</p> Windows Mark of the Web Security Feature Bypass Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker could host a file on an attacker-controlled server, then convince a targeted user to download and open the file. This could allow the attacker to interfere with the Mark of the Web functionality.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/deployoffice/security/internet-macros-blocked#additional-information-about-mark-of-the-web">Additional information about Mark of the Web</a> for further clarification</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.</p> Windows Mark of the Web (MOTW) Microsoft Yes CVE-2023-36584 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11568 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11569 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11570 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11571 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11572 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11923 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11924 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11926 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11927 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11929 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11930 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11931 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12085 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12086 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12097 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12098 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12099 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10729 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10735 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10852 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10853 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10816 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10855 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 9312 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10287 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 9318 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 9344 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10051 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10049 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10378 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10379 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10483 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://twitter.com/birkaneli">Eli Birkan</a>, Dan Yashnik, and Bar Lahav with Palo Alto Networks 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> Windows Message Queuing Microsoft Yes CVE-2023-36583 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> Windows Message Queuing Microsoft Yes CVE-2023-36582 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing Microsoft Yes CVE-2023-36581 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing Microsoft Yes CVE-2023-36579 Uncontrolled Resource Consumption 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> Windows Message Queuing Microsoft Yes CVE-2023-36578 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2023-36577 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <p>Exploitation of this vulnerability requires an attacker to trick or convince the victim into connecting to their malicious server. If your environment only connects to known, trusted servers and there is no ability to reconfigure existing connections to point to another location (for example you use TLS encryption with certificate validation), the vulnerability cannot be exploited.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is device information like resource ids, sas tokens, user properties, and other sensitive information.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Kernel Microsoft Yes CVE-2023-36576 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> Windows Message Queuing Microsoft Yes CVE-2023-36575 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Message Queuing Microsoft Yes CVE-2023-36574 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Message Queuing Microsoft Yes CVE-2023-36573 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Message Queuing Microsoft Yes CVE-2023-36572 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Message Queuing Microsoft Yes CVE-2023-36571 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Message Queuing Microsoft Yes CVE-2023-36570 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Office Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Microsoft Yes CVE-2023-36569 11573 11574 11762 11763 11952 11953 Elevation of Privilege 11573 Elevation of Privilege 11574 Elevation of Privilege 11762 Elevation of Privilege 11763 Elevation of Privilege 11952 Elevation of Privilege 11953 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Luke Papandrea, Microsoft Corporation 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Office Click-To-Run Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to perform file operations at a specific time on the machine with the duration of a few seconds.</p> Microsoft Office Microsoft Yes CVE-2023-36568 Improper Link Resolution Before File Access ('Link Following') 11573 11574 11762 11763 11952 11953 Elevation of Privilege 11573 Elevation of Privilege 11574 Elevation of Privilege 11762 Elevation of Privilege 11763 Elevation of Privilege 11952 Elevation of Privilege 11953 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Deployment Services Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Deployment Services Microsoft Yes CVE-2023-36567 Use of Uninitialized Resource 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Search Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A security feature bypass vulnerability exists when MapUrlToZone fails to correctly handle certain paths. This could allow an attacker to plant files without Mark-of-the-Web (MotW).</p> <p>To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted link to a victim and convince them to open it.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Windows Search Component Microsoft Yes CVE-2023-36564 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Microsoft Threat Intelligence 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft WordPad Information Disclosure Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p> Microsoft WordPad Microsoft Yes CVE-2023-36563 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11568 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11569 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11570 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11571 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11572 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11923 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11924 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11926 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11927 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11929 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11930 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11931 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12085 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12086 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12097 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12098 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12099 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10729 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10735 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10852 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10853 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10816 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10855 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9312 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10287 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9318 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9344 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10051 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10049 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10378 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10379 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10483 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Microsoft Threat Intelligence 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-10-11T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Azure DevOps Server Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain access to the secrets of the user of the affected application.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> Azure DevOps Microsoft Yes CVE-2023-36561 Improper Access Control 12189 12212 12143 Elevation of Privilege 12189 Elevation of Privilege 12212 Elevation of Privilege 12143 Important 12189 Important 12212 Important 12143 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 12189 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 12212 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 12143 Release Notes file://cpvsbuild/drops/mseng/tfs/Dev19/releases_M205.AzureDevOps2022.0.1/layouts/x86ret/Tfs2018Sgn_20230926.1/enu/devops/Patch 12189 Maybe Security Update 20230926.1 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2022?view=azure-devops 12189 Release Notes Release Notes file://cpvsbuild/drops/mseng/tfs/Dev18/releases_M170.AzureDevOps2020.0.1RTWpublic/layouts/x86ret/Tfs2018Sgn_20230927.1/enu/devops/Patch 12212 Maybe Security Update 20230927.1 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020?view=azure-devops 12212 Release Notes Release Notes file://cpvsbuild/drops/mseng/tfs/Dev18/releases_M181.AzureDevOps2020.1.1public/layouts/x86ret/Tfs2018Sgn_20230926.2/enu/devops/Patch 12143 Maybe Security Update 20230926.2 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020u1?view=azure-devops 12143 Release Notes <a href="https://www.linkedin.com/company/legitsecurity/">Legit Security</a> with <a href="https://www.legitsecurity.com/">Legit Security</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> PrintHTML API Remote Code Execution Vulnerability <p><strong>How could an attacker successfully exploit this vulnerability?</strong></p> <p>An attacker could successfully exploit this vulnerability by invoking the PrintHTML API from a locally running application (or by tricking a user into doing so) which could allow the attacker to launch an app via application protocols without prompting the user.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows HTML Platform Microsoft Yes CVE-2023-36557 12086 12085 12099 11923 11924 12097 11929 11927 12098 11931 11930 11926 11568 11571 11570 10735 10816 10855 10852 11572 10853 11569 10729 Remote Code Execution 12086 Remote Code Execution 12085 Remote Code Execution 12099 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12097 Remote Code Execution 11929 Remote Code Execution 11927 Remote Code Execution 12098 Remote Code Execution 11931 Remote Code Execution 11930 Remote Code Execution 11926 Remote Code Execution 11568 Remote Code Execution 11571 Remote Code Execution 11570 Remote Code Execution 10735 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10852 Remote Code Execution 11572 Remote Code Execution 10853 Remote Code Execution 11569 Remote Code Execution 10729 Important 12086 Important 12085 Important 12099 Important 11923 Important 11924 Important 12097 Important 11929 Important 11927 Important 12098 Important 11931 Important 11930 Important 11926 Important 11568 Important 11571 Important 11570 Important 10735 Important 10816 Important 10855 Important 10852 Important 11572 Important 10853 Important 11569 Important 10729 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12086 12085 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12086 12085 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12099 12097 12098 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12099 12097 12098 5031356 5031356 https://support.microsoft.com/help/5031356 12099 12097 11929 12098 11931 11930 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11931 11930 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11931 11930 5031356 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11927 11926 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11927 11926 5031358 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11571 11570 11572 11569 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11571 11570 11572 11569 5031361 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10735 10729 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10735 10729 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10816 10855 10852 10853 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10816 10855 10852 10853 5031362 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows TCP/IP Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the unencrypted contents of IPsec packets from other sessions on a server.</p> Windows TCP/IP Microsoft Yes CVE-2023-36438 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft QUIC Denial of Service Vulnerability <p><strong>Where can I find more information?</strong></p> <p>Please see the GitHub Advisory relating to this vulnerability here: <a href="https://github.com/microsoft/msquic/security/advisories/GHSA-fr44-546p-7xcp#event-111622">https://github.com/microsoft/msquic/security/advisories/GHSA-fr44-546p-7xcp#event-111622</a></p> Microsoft QUIC Microsoft Yes CVE-2023-36435 Uncontrolled Resource Consumption 12131 11923 11924 11926 11927 12085 12086 12130 Denial of Service 12131 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 12085 Denial of Service 12086 Denial of Service 12130 Important 12131 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Important 12130 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12131 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12130 Release Notes https://github.com/PowerShell/Announcements/issues/52 12131 Maybe Security Update 7.3.9 https://github.com/PowerShell/Announcements/issues/52 12131 Release Notes 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5032875 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.13 https://support.microsoft.com/help/5032875 12130 5032875 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2023-10-10T07:00:00 <p>Information published.</p> 2.0 2023-10-26T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.3 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/52">https://github.com/PowerShell/Announcements/issues/52</a> for more information.</p> 3.0 2024-12-10T08:00:00 <p>To comprehensively address CVE-2023-36435, Microsoft has released security updates on October 24, 2023 for .NET 7.0.</p> <p>Microsoft recommends that customers running .NET install the updates to be fully protected from the vulnerability.</p> Windows IIS Server Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In a network-based attack, an attacker could brute force user account passwords to log in as that user. Microsoft encourages the use of strong passwords that are more difficult for an attacker to brute force.</p> <p><strong>Why is the severity for this CVE rated as Important, but the CVSS score is 9.8?</strong></p> <p>The Microsoft proprietary severity rating does not align with the CVSS scoring system. In this case, the severity rating of Important (rather than Critical) reflects the fact that brute-force attacks are unlikely to succeed against users with strong passwords. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would be able to login as another user successfully.</p> Windows IIS Microsoft Yes CVE-2023-36434 Improper Restriction of Excessive Authentication Attempts 12098 12097 12086 12085 12099 11926 11930 11924 11931 11929 11923 11927 11571 11569 10852 11568 9318 10853 10287 10379 10049 10483 10855 9344 9312 10816 10729 11570 11572 10051 10378 10543 10735 Elevation of Privilege 12098 Elevation of Privilege 12097 Elevation of Privilege 12086 Elevation of Privilege 12085 Elevation of Privilege 12099 Elevation of Privilege 11926 Elevation of Privilege 11930 Elevation of Privilege 11924 Elevation of Privilege 11931 Elevation of Privilege 11929 Elevation of Privilege 11923 Elevation of Privilege 11927 Elevation of Privilege 11571 Elevation of Privilege 11569 Elevation of Privilege 10852 Elevation of Privilege 11568 Elevation of Privilege 9318 Elevation of Privilege 10853 Elevation of Privilege 10287 Elevation of Privilege 10379 Elevation of Privilege 10049 Elevation of Privilege 10483 Elevation of Privilege 10855 Elevation of Privilege 9344 Elevation of Privilege 9312 Elevation of Privilege 10816 Elevation of Privilege 10729 Elevation of Privilege 11570 Elevation of Privilege 11572 Elevation of Privilege 10051 Elevation of Privilege 10378 Elevation of Privilege 10543 Elevation of Privilege 10735 Important 12098 Important 12097 Important 12086 Important 12085 Important 12099 Important 11926 Important 11930 Important 11924 Important 11931 Important 11929 Important 11923 Important 11927 Important 11571 Important 11569 Important 10852 Important 11568 Important 9318 Important 10853 Important 10287 Important 10379 Important 10049 Important 10483 Important 10855 Important 9344 Important 9312 Important 10816 Important 10729 Important 11570 Important 11572 Important 10051 Important 10378 Important 10543 Important 10735 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12098 12097 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12098 12097 12099 5031356 5031356 https://support.microsoft.com/help/5031356 12098 12097 12099 11930 11931 11929 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12086 12085 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12086 12085 5031354 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11930 11931 11929 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11930 11931 11929 5031356 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11924 11923 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11924 11923 5031364 5031364 http://support.microsoft.com/help/5031364 11924 11923 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11571 11569 11568 11570 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11571 11569 11568 11570 11572 5031361 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10855 10816 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10855 10816 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9318 10287 9344 9312 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9318 10287 9344 9312 5031416 5031416 http://support.microsoft.com/kb/5031416 9318 10287 9344 9312 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9318 10287 9344 9312 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9318 10287 9344 9312 5031411 5031411 http://support.microsoft.com/kb/5031411 9318 10287 9344 9312 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10379 10378 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10379 10378 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10379 10378 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10379 10378 5031427 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10049 10051 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10049 10051 5031408 5031408 http://support.microsoft.com/kb/5031408 10049 10051 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10049 10051 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10049 10051 5031441 5031441 http://support.microsoft.com/kb/5031441 10049 10051 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 <a href="https://twitter.com/stwalker32">Steve Walker</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> <p><strong>What updates do I need to install to be protected from this vulnerability?</strong></p> <p>Customers need to install the September 2023 Microsoft Dynamics 365 (on premises) security updates which are listed in the Security Updates table. Customers who have installed the September 2023 security updates are already protected from this vulnerability.</p> Microsoft Dynamics Microsoft Yes CVE-2023-36433 Improper Neutralization of Data within XPath Expressions ('XPath Injection') 11664 11921 Information Disclosure 11664 Information Disclosure 11921 Important 11664 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11664 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11921 5029396 https://www.microsoft.com/download/details.aspx?familyid=fd1aae50-1888-4e5f-b85e-bd48d3e0d267 11664 Maybe Security Update 9.0.49.04 https://support.microsoft.com/help/5029396 11664 5029396 5030608 https://www.microsoft.com/download/details.aspx?familyid=d12ebd05-1177-464e-ad78-9370e7abda09 11921 Maybe Security Update 9.1.21.05 https://support.microsoft.com/help/5030608 11921 5030608 <a href="https://www.linkedin.com/in/talha--gunay/">TALHA G&#220;NAY</a> 1.0 2023-10-10T07:00:00 <p>Information published. This CVE was addressed by updates that were released in September 2023, but the CVE was inadvertently omitted from the September 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Microsoft Dynamics 365 (on-premises) install the September 2023 updates to be protected from this vulnerability.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing Microsoft Yes CVE-2023-36431 Uncontrolled Resource Consumption 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> Microsoft Dynamics Microsoft Yes CVE-2023-36429 Improper Neutralization of Data within XPath Expressions ('XPath Injection') 11664 11921 Information Disclosure 11664 Information Disclosure 11921 Important 11664 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11664 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11921 5031499 https://www.microsoft.com/download/details.aspx?familyid=daf2c4d9-ad17-4bca-a4c6-8a6dc2e4c6c8 11664 Maybe Security Update 9.0.50.03 https://support.microsoft.com/help/5031499 11664 5031499 5031500 https://www.microsoft.com/download/details.aspx?familyid=0b11db21-7406-48c1-a465-d2bf1c89f769 11921 Maybe Security Update 9.1.22.04 https://support.microsoft.com/help/5031500 11921 5031500 <a href="https://www.linkedin.com/in/talha--gunay/">TALHA G&#220;NAY</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft ODBC Driver 17 or 18 for SQL Server. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft ODBC Driver 17 or 18 for SQL Server. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5029503</td> <td>Security update for SQL Server 2022 CU8+GDR</td> <td>16.0.4003.1 - 16.0.4075.1</td> <td>KB 5029666 - SQL2022 RTM CU8</td> </tr> <tr> <td>5029379</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1050.5</td> <td>KB 5021522 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5029378</td> <td>Security update for SQL Server 2019 CU22+GDR</td> <td>15.0.4003.23 - 15.0.4322.2</td> <td>KB 5027702 - SQL2019 RTM CU22</td> </tr> <tr> <td>5029377</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2101.7</td> <td>KB 5021125 - Previous SQL2019 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the client receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> SQL Server Microsoft Yes CVE-2023-36420 Double Free 11821 12147 12193 12194 12195 12196 12197 12198 12229 12230 Remote Code Execution 11821 Remote Code Execution 12147 Remote Code Execution 12193 Remote Code Execution 12194 Remote Code Execution 12195 Remote Code Execution 12196 Remote Code Execution 12197 Remote Code Execution 12198 Remote Code Execution 12229 Remote Code Execution 12230 Important 11821 Important 12147 Important 12193 Important 12194 Important 12195 Important 12196 Important 12197 Important 12198 Important 12229 Important 12230 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12193 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12194 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12195 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12196 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12197 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12198 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12229 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12230 5029377 https://www.microsoft.com/download/details.aspx?familyid=4ad4dd87-9e09-4848-92b0-4c06058a8fcf 5021125 11821 Maybe Security Update 15.0.2104.1 https://support.microsoft.com/help/5029377 11821 5029377 5029379 https://www.microsoft.com/download/details.aspx?familyid=59387692-a103-47b7-aae0-96a679fdd2e6 5021522 12147 Maybe Security Update 16.0.1105.1 https://support.microsoft.com/help/5029379 12147 5029379 Release Notes https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17105 12193 Maybe Security Update 17.10.5.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17105 12193 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/release-notes-odbc-sql-server-linux-mac#1832-october-2023 12194 Maybe Security Update 17.10.5.1 https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12194 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/release-notes-odbc-sql-server-linux-mac#17105-october-2023 12195 Maybe Security Update 17.10.5.1 https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17 12195 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1832 12196 Maybe Security Update 18.3.2.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1832 12196 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/release-notes-odbc-sql-server-linux-mac#1832-october-2023 12197 12198 Maybe Security Update 18.3.2.1 https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12197 12198 Release Notes 5029503 https://www.microsoft.com/download/details.aspx?familyid=93bbe74d-c4b6-49d7-844d-7990605a5e7e 12229 Maybe Security Update 16.0.4080.1 https://support.microsoft.com/help/5029503 12229 5029503 5029378 https://www.microsoft.com/download/details.aspx?familyid=133ae486-39ae-43a4-a2b8-248af9727190 5021124 12230 Maybe Security Update 15.0.4326.1 https://support.microsoft.com/help/5029378 12230 5029378 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <p>Exploitation of this vulnerability requires an attacker to trick or convince the victim into connecting to their malicious server. If your environment only connects to known, trusted servers and there is no ability to reconfigure existing connections to point to another location (for example you use TLS encryption with certificate validation), the vulnerability cannot be exploited.</p> bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-10-11T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.2 2023-10-26T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain cluster administrator privileges.</p> <p><strong>What action is required to secure my resources against this vulnerability?</strong></p> <p>A script action has been made available to assist customers with updating their resources as required which can be found here: <a href="https://hdiconfigactions2.blob.core.windows.net/msrc-script/script_action.sh">CVE-2023-36419 Script Action</a></p> Azure Microsoft Yes CVE-2023-36419 Improper Restriction of XML External Entity Reference 11987 Elevation of Privilege 11987 Important 11987 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11987 Release Notes https://learn.microsoft.com/en-us/azure/hdinsight/hdinsight-upgrade-cluster 11987 Maybe Security Update 2308221128 https://learn.microsoft.com/en-us/azure/hdinsight/hdinsight-release-notes 11987 Release Notes Lidor B. with Orca Security 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-11-30T08:00:00 <p>Updated CVE title. This is an informational change only.</p> Microsoft SQL OLE DB Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5029503</td> <td>Security update for SQL Server 2022 CU8+GDR</td> <td>16.0.4003.1 - 16.0.4075.1</td> <td>KB 5029666 - SQL2022 RTM CU8</td> </tr> <tr> <td>5029379</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1050.5</td> <td>KB 5021522 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5029378</td> <td>Security update for SQL Server 2019 CU22+GDR</td> <td>15.0.4003.23 - 15.0.4322.2</td> <td>KB 5027702 - SQL2019 RTM CU22</td> </tr> <tr> <td>5029377</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2101.7</td> <td>KB 5021125 - Previous SQL2019 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2023-36417 Heap-based Buffer Overflow 11821 12147 12180 12181 12229 12230 Remote Code Execution 11821 Remote Code Execution 12147 Remote Code Execution 12180 Remote Code Execution 12181 Remote Code Execution 12229 Remote Code Execution 12230 Important 11821 Important 12147 Important 12180 Important 12181 Important 12229 Important 12230 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12180 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12181 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12229 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12230 5029377 https://www.microsoft.com/download/details.aspx?familyid=4ad4dd87-9e09-4848-92b0-4c06058a8fcf 5021125 11821 Maybe Security Update 15.0.2104.1 https://support.microsoft.com/help/5029377 11821 5029377 5029379 https://www.microsoft.com/download/details.aspx?familyid=59387692-a103-47b7-aae0-96a679fdd2e6 5021522 12147 Maybe Security Update 16.0.1105.1 https://support.microsoft.com/help/5029379 12147 5029379 Release Notes https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1932 12180 Maybe Security Update 19.3.0002.0 https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1932 12180 Release Notes Release Notes https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1867 12181 Maybe Security Update 18.6.0007.0 https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1867 12181 Release Notes 5029503 https://www.microsoft.com/download/details.aspx?familyid=93bbe74d-c4b6-49d7-844d-7990605a5e7e 12229 Maybe Security Update 16.0.4080.1 https://support.microsoft.com/help/5029503 12229 5029503 5029378 https://www.microsoft.com/download/details.aspx?familyid=133ae486-39ae-43a4-a2b8-248af9727190 5021124 12230 Maybe Security Update 15.0.4326.1 https://support.microsoft.com/help/5029378 12230 5029378 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-10-16T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> Azure Identity SDK Remote Code Execution Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> <p>The privilege requirement is low because the attacker needs to be authenticated as a normal user.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by passing a specially crafted OS-level command to a specific SDK property which is passed to the underlying CLI and results in remote code execution.</p> <p><strong>Which credential types provided by the Azure Identity client library are affected?</strong></p> <p>The vulnerability exists in the following credential types:</p> <ol> <li>DefaultAzureCredential</li> <li>AzureCliCredential</li> <li>AzureDeveloperCliCredential</li> <li>AzurePowerShellCredential</li> </ol> Azure SDK Microsoft Yes CVE-2023-36415 Improper Neutralization of Special Elements used in a Command ('Command Injection') 12236 12237 12235 12234 Remote Code Execution 12236 Remote Code Execution 12237 Remote Code Execution 12235 Remote Code Execution 12234 Important 12236 Important 12237 Important 12235 Important 12234 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12236 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12237 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12235 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12234 More Information https://central.sonatype.com/artifact/com.azure/azure-identity/1.10.2 12236 Maybe Security Update 1.10.2 https://github.com/Azure/azure-sdk-for-java 12236 More Information More Information https://pypi.org/project/azure-identity/1.14.1/ 12237 Maybe Security Update 1.14.1 https://github.com/Azure/azure-sdk-for-python 12237 More Information More Information https://www.nuget.org/packages/Azure.Identity/1.10.2 12235 Maybe Security Update 1.10.2 https://github.com/Azure/azure-sdk-for-net 12235 More Information More Information https://www.npmjs.com/package/@azure/identity/v/3.3.1 12234 Maybe Security Update 3.3.1 https://github.com/Azure/azure-sdk-for-js 12234 More Information <a href="https://www.xing.com/profile/martin_wrona3">Martin Wrona (martin_jw)</a> with <a href="https://www.galaxus.ch/">Digitec Galaxus AG</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-10-13T07:00:00 <p>Added an FAQ. This is an information change only.</p> Azure Identity SDK Remote Code Execution Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> <p>The privilege requirement is low because the attacker needs to be authenticated as a normal user.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by passing a specially crafted OS-level command to a specific SDK property which is passed to the underlying CLI and results in remote code execution.</p> <p><strong>Which credential types provided by the Azure Identity client library are affected?</strong></p> <p>The vulnerability exists in the following credential types:</p> <ol> <li>DefaultAzureCredential</li> <li>AzureCliCredential</li> <li>AzureDeveloperCliCredential</li> <li>AzurePowerShellCredential</li> </ol> Azure SDK Microsoft Yes CVE-2023-36414 Improper Neutralization of Special Elements used in a Command ('Command Injection') 12235 Remote Code Execution 12235 Important 12235 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:W/RC:C 12235 More Information https://www.nuget.org/packages/Azure.Identity/1.10.2 12235 Maybe Security Update 1.10.2 https://github.com/Azure/azure-sdk-for-net 12235 More Information <a href="https://www.xing.com/profile/martin_wrona3">Martin Wrona (martin_jw)</a> with <a href="https://www.galaxus.ch/">Digitec Galaxus AG</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-10-13T07:00:00 <p>Added an FAQ. This is an information change only.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:N). What does that mean for this vulnerability?</strong></p> <p>There are limited impact to Confidentiality and Integrity and no Avaibility impact from exploiting this vulnerability. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36559 11655 Spoofing 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.2 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Ahmed ElMasry <a href="https://www.linkedin.com/in/sazzad-mahmud-tomal-4422b0236">Sazzad Mahmud Tomal</a> <a href="https://www.linkedin.com/in/hafiizh-7aa6bb31/">Hafiizh</a> with https://www.linkedin.com/in/hafiizh-7aa6bb31/ 1.0 2023-10-13T07:00:00 <p>Information published.</p> 1.1 2023-11-03T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow <p><strong>1. When will an update be available to address this vulnerability?</strong></p> <p>UPDATE: Microsoft has included version 8.4.0 of curl.exe in Windows updates released on November 14, 2023 for currently supported, on-premise versions of Windows clients and servers. See the Security Updates table in this CVE for the applicable Windows update KB numbers. Windows security updates are cumulative, so future updates will include curl 8.4.0 or higher.</p> <p>Microsoft is fully aware of this issue and is actively working to release version 8.4.0 of curl.exe in a future Windows update for currently supported, on-premise versions of Windows clients and servers. The Security Updates table for this CVE will be updated with the Windows update KB numbers for all supported versions as they are released. Customers will be notified via a revision to this security vulnerability when those KB numbers are available. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See <a href="https://www.microsoft.com/en-us/msrc/technical-security-notifications?rtc=1">Microsoft Technical Security Notifications</a> and <a href="https://msrc-blog.microsoft.com/2022/08/09/security-update-guide-notification-system-news-create-your-profile-now/">Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center</a>.</p> <p><strong>2. What is the curl open-source project?</strong></p> <p>Curl is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for &quot;Client for URL&quot;. The Windows implementation provides access to the command-line tool, not the library.</p> <p><strong>3. Why is this Hackerone CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in curl.exe software which is consumed by Microsoft Windows. It is being documented in the Security Update Guide to make customers aware that Microsoft Windows is affected by this CVE, and that Microsoft will be including the curl fix for this vulnerability in a future Windows security update. Note that we do not provide CVSS scores for non-Microsoft CVEs. See <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-38545">NVD</a> for scoring information on this CVE.</p> <p><strong>4. How could an attacker exploit the vulnerability?</strong></p> <p>This vulnerability is not active by default. To exploit it, the victim must:</p> <ul> <li>Manually execute the curl.exe utility.</li> <li>Be using a SOCKS5 proxy.</li> <li>Have a rate limit option (--limit-rate) set to 65540 or lower in the case of the curl.exe utility.</li> <li>Use curl to request an attacker-controlled domain OR the attacker must be a machine-in-the-middle (MITM).</li> </ul> <p>For more information see <a href="https://curl.se/docs/CVE-2023-38545.html">CVE-2023-38545 SOCKS5 heap buffer overflow</a>.</p> <p><strong>5. What version of curl addresses this CVE?</strong></p> <p>Curl version 8.4.0 addresses this vulnerability.</p> <p><strong>6. Where can I find more information about this curl vulnerability?</strong></p> <p>More information can be found at <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-38545">NVD</a> and <a href="https://curl.se/docs/CVE-2023-38545.html">curl.se</a>.</p> <p><strong>7. Are there any workarounds that can be implemented?</strong></p> <p>IMPORTANT: Under no circumstances should you remove or replace <code>curl.exe</code>, the curl tool executable, as doing so may damage the Windows Update component store and prevent the installation of further security updates. Instead, we recommend deploying a code integrity policy that restricts the execution of vulnerable versions of <code>curl.exe</code>.</p> <p>Note that after you have implemented any of the workarounds the file will still exist on disk, and can still be detected by scanning software. The workaround only provides an operating system level guarantee that the vulnerable version of the curl tool cannot be executed.</p> <p><strong>Workaround</strong> Use a WDAC policy to deny execution of the \system32\curl.exe executable. You can merge the deny into an existing policy or create a new policy with it using the Merge-CIPolicy cmdlet; <a href="https://learn.microsoft.com/en-us/powershell/module/configci/merge-cipolicy?view=windowsserver2022-ps">Merge-CIPolicy (ConfigCI) | Microsoft Learn</a>. After the policy XML file with the deny has been created or merged with an existing policy it must be deployed.</p> <p>Choose how to deploy the policy by using one of the following methods <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide#choose-how-to-deploy-wdac-policies">Deploying Windows Defender Application Control (WDAC) policies | Microsoft Learn</a>:</p> <ul> <li>Deploy using a <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune">Mobile Device Management (MDM) </a>solution, such as Microsoft Intune</li> <li>Deploy using <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm">Microsoft Configuration Manager</a></li> <li>Deploy via <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script">script</a></li> <li>Deploy via <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy">group policy</a> Note that after you have deployed a code integrity policy workaround, the file will still exist on disk, and can still be detected by scanning software. The workaround only provides an operating system level guarantee that the vulnerable version of the curl tool cannot be executed.</li> </ul> <p>For example:</p> <p><strong>Create a new policy: (These steps will create a new policy named Deny-Curl.xml by merging the deny using the example policy named AllowAll.xml)</strong></p> <pre><code>$rule = new-cipolicyrule -DriverFilePath &quot;$env:systemroot\system32\curl.exe&quot; -Level FilePublisher -Deny $rule[0].attributes[&quot;MinimumFileVersion&quot;] = &quot;0.0.0.0&quot; $rule[0].attributes[&quot;MaximumFileVersion&quot;] = &quot;8.4.0.0&quot; merge-cipolicy &quot;$env:systemroot\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml&quot; -Rules $rule -OutputFilePath &quot;Deny-Curl.xml&quot; </code></pre> <p><strong>Merge into an existing policy</strong></p> <pre><code>$rule = new-cipolicyrule -DriverFilePath &quot;$env:systemroot\system32\curl.exe&quot; -Level FilePublisher -Deny $rule[0].attributes[&quot;MinimumFileVersion&quot;] = &quot;0.0.0.0&quot; $rule[0].attributes[&quot;MaximumFileVersion&quot;] = &quot;8.4.0.0&quot; merge-cipolicy &quot;existing_policy.xml&quot; -Rules $rule -OutputFilePath &quot;existing_policy.xml&quot; </code></pre> <p><strong>How to undo this workaround?</strong></p> <p>Guidance for how to remove WDAC policies can be found in the following documentation: <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies">Remove Windows Defender Application Control (WDAC) policies</a>.</p> Windows cURL Implementation Hackerone Yes CVE-2023-38545 Heap-based Buffer Overflow 11573 11574 11762 11763 11952 11953 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:N/A;DOS:N/A Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 11929 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 11929 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 11929 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11930 11931 Yes Security Update 10.0.19044.3693 https://support.microsoft.com/help/5032189 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 Michael Scovetta of Microsoft Customer Security And Trust Engineering Team 1.0 2023-10-19T07:00:00 <p>Information published.</p> 1.1 2023-10-20T07:00:00 <p>Updated FAQ #4 information. This is an informational change only.</p> 2.0 2023-11-14T08:00:00 <p>Microsoft is announcing that the Windows security updates released on November 14, 2023 include curl 8.4.0, which addresses this vulnerability. Microsoft recommends that customers install the November 14, 2023 updates to ensure they have the most up-to-date version of curl. Customers whose Windows devices are configured to receive automatic updates do not need to take any further action.</p> 3.0 2024-07-09T07:00:00 <p>Microsoft is announcing that the security updates for the following supported versions of Microsoft Office include curl 8.4.0, which addresses this vulnerability: Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, and Microsoft Office 2019.</p> Hackerone: CVE-2023-38039 HTTP headers eat all memory https://nvd.nist.gov/vuln/detail/CVE-2023-38039 https://nvd.nist.gov/vuln/detail/CVE-2023-38039 <p><strong>1. When will an update be available to address this vulnerability?</strong></p> <p>Microsoft is fully aware of this issue and is actively working to release version 8.4.0 of curl.exe in a future Windows update for currently supported, on-premise versions of Windows clients and servers. The Security Updates table for this CVE will be updated with the Windows update KB numbers for all supported versions as they are released. Customers will be notified via a revision to this security vulnerability when those KB numbers are available. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See <a href="https://www.microsoft.com/en-us/msrc/technical-security-notifications?rtc=1">Microsoft Technical Security Notifications</a> and <a href="https://msrc-blog.microsoft.com/2022/08/09/security-update-guide-notification-system-news-create-your-profile-now/">Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center</a>.</p> <p><strong>2. What is the curl open-source project?</strong></p> <p>Curl is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for &quot;Client for URL&quot;. The Windows implementation provides access to the command-line tool, not the library.</p> <p><strong>3. Why is this Hackerone CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in curl.exe software which is consumed by Microsoft Windows. It is being documented in the Security Update Guide to make customers aware that Microsoft Windows is affected by this CVE, and that Microsoft will be including the curl fix for this vulnerability in a future Windows security update. Note that we do not provide CVSS scores for non-Microsoft CVEs. See <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-38039">NVD</a> for scoring information on this CVE.</p> <p><strong>4. How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would have to convince the victim to manually launch the curl utility and direct it to connect to a compromised server. This causes a denial of service of curl.</p> <p>For more information see <a href="https://curl.se/docs/CVE-2023-38039.html">HTTP headers eat all memory</a>.</p> <p><strong>5. What version of curl addresses this CVE?</strong></p> <p>Curl version 8.4.0 addresses this vulnerability.</p> <p><strong>6. Where can I find more information about this curl vulnerability?</strong></p> <p>More information can be found at <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-38039">NVD</a> and <a href="https://curl.se/docs/CVE-2023-38039.html">curl.se</a>.</p> <p><strong>7. Are there any workarounds that can be implemented?</strong></p> <p>IMPORTANT: Under no circumstances should you remove or replace <code>curl.exe</code>, the curl tool executable, as doing so may damage the Windows Update component store and prevent the installation of further security updates. Instead, we recommend deploying a code integrity policy that restricts the execution of vulnerable versions of <code>curl.exe</code>.</p> <p>Note that after you have implemented any of the workarounds the file will still exist on disk, and can still be detected by scanning software. The workaround only provides an operating system level guarantee that the vulnerable version of the curl tool cannot be executed.</p> <p><strong>Workaround</strong> Use a WDAC policy to deny execution of the \system32\curl.exe executable. You can merge the deny into an existing policy or create a new policy with it using the Merge-CIPolicy cmdlet; <a href="https://learn.microsoft.com/en-us/powershell/module/configci/merge-cipolicy?view=windowsserver2022-ps">Merge-CIPolicy (ConfigCI) | Microsoft Learn</a>. After the policy XML file with the deny has been created or merged with an existing policy it must be deployed.</p> <p>Choose how to deploy the policy by using one of the following methods <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide#choose-how-to-deploy-wdac-policies">Deploying Windows Defender Application Control (WDAC) policies | Microsoft Learn</a>:</p> <ul> <li>Deploy using a <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune">Mobile Device Management (MDM) </a>solution, such as Microsoft Intune</li> <li>Deploy using <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm">Microsoft Configuration Manager</a></li> <li>Deploy via <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script">script</a></li> <li>Deploy via <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy">group policy</a> Note that after you have deployed a code integrity policy workaround, the file will still exist on disk, and can still be detected by scanning software. The workaround only provides an operating system level guarantee that the vulnerable version of the curl tool cannot be executed.</li> </ul> <p>For example:</p> <p><strong>Create a new policy: (These steps will create a new policy named Deny-Curl.xml by merging the deny using the example policy named AllowAll.xml)</strong></p> <pre><code>$rule = new-cipolicyrule -DriverFilePath &quot;$env:systemroot\system32\curl.exe&quot; -Level FilePublisher -Deny $rule[0].attributes[&quot;MinimumFileVersion&quot;] = &quot;0.0.0.0&quot; $rule[0].attributes[&quot;MaximumFileVersion&quot;] = &quot;8.4.0.0&quot; merge-cipolicy &quot;$env:systemroot\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml&quot; -Rules $rule -OutputFilePath &quot;Deny-Curl.xml&quot; </code></pre> <p><strong>Merge into an existing policy</strong></p> <pre><code>$rule = new-cipolicyrule -DriverFilePath &quot;$env:systemroot\system32\curl.exe&quot; -Level FilePublisher -Deny $rule[0].attributes[&quot;MinimumFileVersion&quot;] = &quot;0.0.0.0&quot; $rule[0].attributes[&quot;MaximumFileVersion&quot;] = &quot;8.4.0.0&quot; merge-cipolicy &quot;existing_policy.xml&quot; -Rules $rule -OutputFilePath &quot;existing_policy.xml&quot; </code></pre> <p><strong>How to undo this workaround?</strong></p> <p>Guidance for how to remove WDAC policies can be found in the following documentation: <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies">Remove Windows Defender Application Control (WDAC) policies</a>.</p> Windows cURL Implementation HackerOne Yes CVE-2023-38039 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12140 12139 12242 12243 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12140 12139 Denial of Service 12242 Denial of Service 12243 Low 11568 Low 11569 Low 11570 Low 11571 Low 11572 Low 11923 Low 11924 Low 11926 Low 11927 Low 11929 Low 11930 Low 11931 Low 12085 Low 12086 Low 12097 Low 12098 Low 12099 Low 12140 12139 Low 12242 Low 12243 Publicly Disclosed:Yes;Exploited:No;DOS:N/A 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032196 5032196 https://support.microsoft.com/help/5032196 11568 11569 11570 11571 11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 11923 11924 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 11923 11924 5032198 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 11926 11927 11929 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 11926 11927 11929 5032192 5032192 https://support.microsoft.com/help/5032192 11926 11927 11929 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 11930 11931 Yes Security Update 10.0.19044.3693 https://support.microsoft.com/help/5032189 11930 11931 5032189 5032189 https://support.microsoft.com/help/5032189 11930 11931 12097 12098 12099 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12085 12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12085 12086 5032190 5032190 https://support.microsoft.com/help/5032190 12085 12086 12242 12243 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12097 12098 12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12097 12098 12099 5032189 curl 12140 curl-8.3.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 curl-devel-8.3.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 curl-libs-8.3.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 curl-debuginfo-8.3.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.3.0-1 https://nvd.nist.gov/vuln/detail/CVE-2023-38039 12140 curl curl 12139 curl-8.3.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 curl-devel-8.3.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 curl-libs-8.3.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 curl-debuginfo-8.3.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.3.0-1 https://nvd.nist.gov/vuln/detail/CVE-2023-38039 12139 curl 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12242 12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12242 12243 5032190 HackerOne with <a href="https://www.hackerone.com/">HackerOne</a> Anonymous 1.0 2023-10-19T07:00:00 <p>Information published.</p> 1.1 2023-10-20T07:00:00 <p>Updated FAQ #4 and corrected one or more links in the FAQs. These are informational changes only.</p> 2.0 2023-11-14T08:00:00 <p>Microsoft is announcing that the Windows security updates released on November 14, 2023 include curl 8.4.0, which addresses this vulnerability. Microsoft recommends that customers install the November 14, 2023 updates to ensure they have the most up-to-date version of curl. Customers whose Windows devices are configured to receive automatic updates do not need to take any further action.</p> Layer 2 Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Layer 2 Tunneling Protocol Microsoft Yes CVE-2023-38166 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Microsoft’s Windows Servicing and Delivery Group – Network Security and Containers (NSC) Team 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Microsoft Graphics Component Microsoft Yes CVE-2023-38159 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 Anonymous working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft ODBC Driver 17 or 18 for SQL Server. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft ODBC Driver 17 or 18 for SQL Server. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5029503</td> <td>Security update for SQL Server 2022 CU8+GDR</td> <td>16.0.4003.1 - 16.0.4075.1</td> <td>KB 5029666 - SQL2022 RTM CU8</td> </tr> <tr> <td>5029379</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1050.5</td> <td>KB 5021522 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5029378</td> <td>Security update for SQL Server 2019 CU22+GDR</td> <td>15.0.4003.23 - 15.0.4322.2</td> <td>KB 5027702 - SQL2019 RTM CU22</td> </tr> <tr> <td>5029377</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2101.7</td> <td>KB 5021125 - Previous SQL2019 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the client receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> SQL Server Microsoft Yes CVE-2023-36785 Integer Underflow (Wrap or Wraparound) 11821 12147 12193 12194 12195 12196 12197 12198 12230 12229 Remote Code Execution 11821 Remote Code Execution 12147 Remote Code Execution 12193 Remote Code Execution 12194 Remote Code Execution 12195 Remote Code Execution 12196 Remote Code Execution 12197 Remote Code Execution 12198 Remote Code Execution 12230 Remote Code Execution 12229 Important 11821 Important 12147 Important 12193 Important 12194 Important 12195 Important 12196 Important 12197 Important 12198 Important 12230 Important 12229 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12193 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12194 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12195 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12196 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12197 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12198 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12230 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12229 5029377 https://www.microsoft.com/download/details.aspx?familyid=4ad4dd87-9e09-4848-92b0-4c06058a8fcf 5021125 11821 Maybe Security Update 15.0.2104.1 https://support.microsoft.com/help/5029377 11821 5029377 5029379 https://www.microsoft.com/download/details.aspx?familyid=59387692-a103-47b7-aae0-96a679fdd2e6 5021522 12147 Maybe Security Update 16.0.1105.1 https://support.microsoft.com/help/5029379 12147 5029379 Release Notes https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17105 12193 Maybe Security Update 17.10.5.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17105 12193 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/release-notes-odbc-sql-server-linux-mac#1832-october-2023 12194 Maybe Security Update 17.10.5.1 https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12194 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/release-notes-odbc-sql-server-linux-mac#17105-october-2023 12195 Maybe Security Update 17.10.5.1 https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17 12195 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1832 12196 Maybe Security Update 18.3.2.1 https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1832 12196 Release Notes Release Notes https://learn.microsoft.com/sql/connect/odbc/linux-mac/release-notes-odbc-sql-server-linux-mac#1832-october-2023 12197 12198 Maybe Security Update 18.3.2.1 https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18 12197 12198 Release Notes 5029378 https://www.microsoft.com/download/details.aspx?familyid=133ae486-39ae-43a4-a2b8-248af9727190 5021124 12230 Maybe Security Update 15.0.4326.1 https://support.microsoft.com/help/5029378 12230 5029378 5029503 https://www.microsoft.com/download/details.aspx?familyid=93bbe74d-c4b6-49d7-844d-7990605a5e7e 12229 Maybe Security Update 16.0.4080.1 https://support.microsoft.com/help/5029503 12229 5029503 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <p>Exploitation of this vulnerability requires an attacker to trick or convince the victim into connecting to their malicious server. If your environment only connects to known, trusted servers and there is no ability to reconfigure existing connections to point to another location (for example you use TLS encryption with certificate validation), the vulnerability cannot be exploited.</p> bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.1 2023-10-11T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Skype for Business Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this input validation vulnerability, an attacker would need access to an authenticated user account holding CsHelpDesk administrative privileges, hosting a malicious <code>C++/CLI</code> assembly in the shared directory.</p> <p>The attacker would also need to create a remote PowerShell session in order to run the insecure <code>Get-Help</code> cmdlet at server context.</p> <p>This exploit would allow the attacker to gain remote code execution on the Skype for Business Server backend.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to be granted an administrative role in the Skype for Business Control Panel.</p> <p>To help retain security and role-based access control integrity, add users to the groups that define what role the user performs in management of the Skype for Business Server deployment.</p> <p><strong>If I’m running PowerShell, how am I exposed to this vulnerability?</strong></p> <p>The vulnerability exists in PowerShell when exposed through Microsoft Exchange or Skype. This occurs when someone creates a custom endpoint, called restricted remoting, that exposes the &quot;GetHelp&quot; command without a proxy that validates the input.</p> Skype for Business Microsoft Yes CVE-2023-36780 Untrusted Search Path 12223 12224 Remote Code Execution 12223 Remote Code Execution 12224 Important 12223 Important 12224 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12223 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12224 4470124 https://support.microsoft.com/help/4470124 12223 Maybe Security Update 7.0.246.530 https://support.microsoft.com/help/4470124 12223 4470124 4470124 https://support.microsoft.com/help/4470124 12223 3061064 https://www.microsoft.com/download/details.aspx?familyid=0d08ed37-106a-456f-a5c6-61df22588bec 12224 Maybe Security Update 6.0.9319.869 https://support.microsoft.com/help/3061064 12224 3061064 3061064 https://support.microsoft.com/help/3061064 12224 Anonymous 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker who is on the same intranet as the Exchange server can achieve remote code execution via a PowerShell remoting session.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user.</p> <p><strong>What can cause this vulnerability?</strong></p> <p>The vulnerability occurs due to improper validation of cmdlet arguments.</p> <p><strong>Does the attacker need to be in an authenticated role in the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-36778 Untrusted Search Path 12191 12038 12039 Remote Code Execution 12191 Remote Code Execution 12038 Remote Code Execution 12039 Important 12191 Important 12038 Important 12039 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12191 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 5030877 https://www.microsoft.com/download/details.aspx?familyid=b06d4704-241a-48a1-9be8-a079804e2987 5030524 12191 Yes Security Update 15.02.1258.027 https://support.microsoft.com/help/5030877 12191 5030877 5030877 https://www.microsoft.com/download/details.aspx?familyid=d4fedb8b-301b-452c-80a6-b5ea046b4c05 5030524 12038 Yes Security Update 15.02.1118.039 https://support.microsoft.com/help/5030877 12038 5030877 5030877 https://www.microsoft.com/download/details.aspx?familyid=4fae83a5-23d7-4495-aa07-1a69916a96d7 5026261 12039 Yes Security Update 15.01.2507.034 https://support.microsoft.com/help/5030877 12039 5030877 <a href="https://github.com/zcgonvh">zcgonvh</a> 1.0 2023-10-10T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Win32K Microsoft Yes CVE-2023-36776 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 jackery 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows RDP Microsoft Yes CVE-2023-36790 Improper Access Control 9312 10287 9318 9344 10051 10049 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 OUYANG FEI 1.0 2023-10-10T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2023-36743 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Anonymous 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Common Data Model SDK Denial of Service Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Common Data Model SDK Microsoft Yes CVE-2023-36566 Improper Input Validation 12239 12240 12241 12238 Denial of Service 12239 Denial of Service 12240 Denial of Service 12241 Denial of Service 12238 Important 12239 Important 12240 Important 12241 Important 12238 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12239 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12240 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12241 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12238 Release Notes https://central.sonatype.com/artifact/com.microsoft.commondatamodel/objectmodel?smo=true 12239 Maybe Security Update 1.7.4 https://github.com/microsoft/CDM 12239 Release Notes Release Notes https://www.npmjs.com/package/cdm.objectmodel 12240 Maybe Security Update 1.7.4 https://github.com/microsoft/CDM 12240 Release Notes Release Notes https://pypi.org/project/commondatamodel-objectmodel/ 12241 Maybe Security Update 1.7.4 https://github.com/microsoft/CDM 12241 Release Notes Release Notes https://www.nuget.org/profiles/CommonDataModel/ 12238 Maybe Security Update 1.7.4 https://github.com/microsoft/CDM 12238 Release Notes Degant Puri Scott Gorlick 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Office Graphics Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Microsoft Office Microsoft Yes CVE-2023-36565 Use After Free 11575 11951 12155 12156 Elevation of Privilege 11575 Elevation of Privilege 11951 Elevation of Privilege 12155 Elevation of Privilege 12156 Important 11575 Important 11951 Important 12155 Important 12156 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12156 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.78.23100802 https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Release Notes Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.16827.20138 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes Release Notes https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Maybe Security Update 16.0.14326.21606 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Release Notes jackery 1.0 2023-10-10T07:00:00 <p>Information published.</p> Windows MSHTML Platform Remote Code Execution Vulnerability <p><strong>How could an attacker successfully exploit this vulnerability?</strong></p> <p>An attacker could successfully exploit this vulnerability by invoking the PrintHTML API from a locally running application (or by tricking a user into doing so) which could allow the attacker to launch an app via application protocols without prompting the user.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2012 and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows HTML Platform Microsoft Yes CVE-2023-36436 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19041.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031377 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031377 5030220 10729 10735 Yes Security Update 10.0.10240.20232 https://support.microsoft.com/help/5031377 10729 10735 5031377 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 https://support.microsoft.com/help/5031416 9312 10287 9318 9344 5031416 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 https://support.microsoft.com/help/5031411 9312 10287 9318 9344 5031411 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031355 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031355 5030209 10378 10379 10483 10543 Yes IE Cumulative 1.001 https://support.microsoft.com/help/5031355 10378 10379 10483 10543 5031355 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Daniel Weglowski 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-11-08T08:00:00 <p>Updated acknowledgment.</p> Azure RTOS GUIX Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Azure Real Time Operating System Microsoft Yes CVE-2023-36418 Double Free 12055 12231 Remote Code Execution 12055 Remote Code Execution 12231 Important 12055 Important 12231 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12055 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12231 More Information https://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=us 12055 Yes Security Update 6.3.0 https://learn.microsoft.com/en-us/azure/rtos/guix/guix-studio-2 12055 More Information More Information https://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=us&ocid=pdpshare 12231 Yes Security Update 6.3.0 https://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=us&ocid=pdpshare 12231 More Information kap0k 1.0 2023-10-10T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>What updates do I need to install to be protected from this vulnerability?</strong></p> <p>Customers need to install the July 2023 Microsoft Dynamics 365 (on premises) security updates which are listed in the Security Updates table. Customers who have installed the July 2023 security updates are already protected from this vulnerability.</p> Microsoft Dynamics Microsoft Yes CVE-2023-36416 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 11664 Spoofing 11921 Spoofing 11664 Important 11921 Important 11664 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11921 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11664 5026501 https://www.microsoft.com/en-us/download/details.aspx?id=105284 11921 Maybe Security Update 9.1.18.22 https://support.microsoft.com/help/5026501 11921 5026501 5026500 https://www.microsoft.com/en-us/download/details.aspx?id=105283 11664 Maybe Security Update 9.0.47.08 https://support.microsoft.com/help/5026500 11664 5026500 <a href="https://batr.am/">batram</a> 1.0 2023-10-10T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2023, but the CVE was inadvertently omitted from the July 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Microsoft Dynamics 365 (on-premises) install the July 2023 updates to be protected from this vulnerability.</p> Chromium: CVE-2023-5346 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.55</td> <td>117.0.5938.149/.150</td> <td>10/4/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5346 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 117.0.2045.55 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-04T21:51:34 <p>Information published.</p> Chromium: CVE-2023-5487 Inappropriate implementation in Fullscreen <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5487 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5486 Inappropriate implementation in Input <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5486 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5484 Inappropriate implementation in Navigation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5484 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5485 Inappropriate implementation in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5485 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5481 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5481 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5483 Inappropriate implementation in Intents <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5483 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5479 Inappropriate implementation in Extensions API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5479 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5478 Inappropriate implementation in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5478 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5477 Inappropriate implementation in Installer <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5477 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5476 Use after free in Blink History <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5476 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5475 Inappropriate implementation in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5475 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5473 Use after free in Cast <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5473 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5218 Use after free in Site Isolation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5218 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5474 Heap buffer overflow in PDF <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5474 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-13T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Information Disclosure Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>118.0.2088.46</td> <td>118.0.5993.70/.71</td> <td>10/13/2023</td> </tr> </tbody> </table> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Enclave memory read - unprivileged write to enclave memory from a host application, which can leak memory contents of the enclave.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker who successfully exploits the vulnerability could lead to file overwrite, which has minimal impact.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36409 11655 Information Disclosure 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 118.0.2088.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Alex Gough with Google 1.0 2023-10-20T07:00:00 <p>Information published.</p> Adobe: CVE-2023-44323 Adobe PDF Remote Code Execution Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>118.0.2088.76</td> <td>10/27/2023</td> <td>118.0.5993.117/.118</td> </tr> </tbody> </table> <p><strong>Why is this Adobe CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Adobe software which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Adobe Adobe Systems Incorporated Yes CVE-2023-44323 11655 Remote Code Execution 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Release Notes 11655 No Security Update 118.0.2088.76 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes HAO LI of VenusTech ADLab 1.0 2023-10-27T07:00:00 <p>Information published.</p> Chromium: CVE-2023-5472: Use after free in Profiles <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>118.0.2088.76</td> <td>10/27/2023</td> <td>118.0.5993.117/.118</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5472 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 118.0.2088.76 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-10-27T21:36:28 <p>Information published.</p> Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is remote heap memory.</p> Windows RDP Microsoft Yes CVE-2023-29348 Exposure of Sensitive Information to an Unauthorized Actor 11571 11572 11923 11924 10816 10855 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10816 10855 5031362 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 https://support.microsoft.com/help/5031408 10051 10049 5031408 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 https://support.microsoft.com/help/5031441 10051 10049 5031441 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 https://support.microsoft.com/help/5031442 10378 10379 5031442 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 https://support.microsoft.com/help/5031427 10378 10379 5031427 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 https://support.microsoft.com/help/5031419 10483 10543 5031419 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 https://support.microsoft.com/help/5031407 10483 10543 5031407 Microsoft Offensive Research & Security Engineering (MORSE) 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.1 2023-10-20T07:00:00 <p>Added an FAQ. This is an information change only.</p> 1.3 2023-11-06T08:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.4 2024-07-19T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-25661 https://nvd.nist.gov/vuln/detail/CVE-2023-25661 Mariner security-advisories@github.com Yes CVE-2023-25661 12139 12140 12139 12140 12139 12140 DOS:N/A 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 tensorflow 12139 python3-tensorflow-2.11.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-tf-nightly-2.11.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 tensorflow-debuginfo-2.11.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.11.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-25661 12139 tensorflow tensorflow 12140 CBL-Mariner 2.11.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-25661 12140 tensorflow 1.0 2023-10-11T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-42753 https://nvd.nist.gov/vuln/detail/CVE-2023-42753 https://nvd.nist.gov/vuln/detail/CVE-2023-42753 https://nvd.nist.gov/vuln/detail/CVE-2023-42753 Mariner secalert@redhat.com Yes CVE-2023-42753 12139 12140 12139 12140 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 hyperv-daemons 12139 hyperv-daemons-5.15.133.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.133.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.133.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.133.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.133.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.133.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.133.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.133.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-42753 12139 hyperv-daemons kernel 12139 kernel-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.135.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.135.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-42753 12139 kernel hyperv-daemons 12140 hyperv-daemons-5.15.133.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.133.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.133.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.133.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.133.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.133.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.133.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.133.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-42753 12140 hyperv-daemons kernel 12140 kernel-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.135.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.135.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-42753 12140 kernel 1.0 2023-10-03T00:00:00 <p>Information published.</p> 1.1 2023-09-27T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 Mariner cve@mitre.org Yes CVE-2023-24329 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 12138 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 12140 python2 12137 python2-2.7.18-12.cm1.x86_64.rpm 0001-01-01T00:00:00 python2-libs-2.7.18-12.cm1.x86_64.rpm 0001-01-01T00:00:00 python-xml-2.7.18-12.cm1.x86_64.rpm 0001-01-01T00:00:00 python-curses-2.7.18-12.cm1.x86_64.rpm 0001-01-01T00:00:00 python2-devel-2.7.18-12.cm1.x86_64.rpm 0001-01-01T00:00:00 python2-tools-2.7.18-12.cm1.x86_64.rpm 0001-01-01T00:00:00 python2-test-2.7.18-12.cm1.x86_64.rpm 0001-01-01T00:00:00 python2-debuginfo-2.7.18-12.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.7.18-12 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 12137 python2 python3 12137 python3-3.7.13-6.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-libs-3.7.13-6.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-xml-3.7.13-6.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-curses-3.7.13-6.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-devel-3.7.13-6.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-tools-3.7.13-6.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-pip-3.7.13-6.cm1.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.7.13-6.cm1.noarch.rpm 0001-01-01T00:00:00 python3-test-3.7.13-6.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.7.13-6.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.7.13-6 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 12137 python3 python2 12138 python2-2.7.18-12.cm1.aarch64.rpm 0001-01-01T00:00:00 python2-libs-2.7.18-12.cm1.aarch64.rpm 0001-01-01T00:00:00 python-xml-2.7.18-12.cm1.aarch64.rpm 0001-01-01T00:00:00 python-curses-2.7.18-12.cm1.aarch64.rpm 0001-01-01T00:00:00 python2-devel-2.7.18-12.cm1.aarch64.rpm 0001-01-01T00:00:00 python2-tools-2.7.18-12.cm1.aarch64.rpm 0001-01-01T00:00:00 python2-test-2.7.18-12.cm1.aarch64.rpm 0001-01-01T00:00:00 python2-debuginfo-2.7.18-12.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.7.18-12 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 12138 python2 python3 12138 python3-3.7.13-6.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-libs-3.7.13-6.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-xml-3.7.13-6.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-curses-3.7.13-6.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-devel-3.7.13-6.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-tools-3.7.13-6.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-pip-3.7.13-6.cm1.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.7.13-6.cm1.noarch.rpm 0001-01-01T00:00:00 python3-test-3.7.13-6.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.7.13-6.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.7.13-6 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 12138 python3 python3 12139 python3-3.9.14-8.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-libs-3.9.14-8.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-curses-3.9.14-8.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-devel-3.9.14-8.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-tools-3.9.14-8.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-pip-3.9.14-8.cm2.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.9.14-8.cm2.noarch.rpm 0001-01-01T00:00:00 python3-test-3.9.14-8.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.9.14-8.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.9.14-8 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 12139 python3 python3 12140 python3-3.9.14-8.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-libs-3.9.14-8.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-curses-3.9.14-8.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-devel-3.9.14-8.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-tools-3.9.14-8.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-pip-3.9.14-8.cm2.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.9.14-8.cm2.noarch.rpm 0001-01-01T00:00:00 python3-test-3.9.14-8.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.9.14-8.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.9.14-8 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 12140 python3 1.0 2023-02-27T00:00:00 <p>Information published.</p> 1.1 2023-02-28T00:00:00 <p>Added python2 to CBL-Mariner 1.0</p> 1.2 2023-10-11T00:00:00 <p>Added python3 to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 Mariner cve@mitre.org Yes CVE-2023-40217 12139 12140 12139 12140 12139 12140 DOS:N/A 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12139 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12140 python3 12139 python3-3.9.19-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-libs-3.9.19-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-curses-3.9.19-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-devel-3.9.19-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-tools-3.9.19-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-pip-3.9.19-1.cm2.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.9.19-1.cm2.noarch.rpm 0001-01-01T00:00:00 python3-test-3.9.19-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.9.19-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.9.19-1 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 12139 python3 python3 12140 python3-3.9.19-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-libs-3.9.19-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-curses-3.9.19-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-devel-3.9.19-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-tools-3.9.19-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-pip-3.9.19-1.cm2.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.9.19-1.cm2.noarch.rpm 0001-01-01T00:00:00 python3-test-3.9.19-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.9.19-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.9.19-1 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 12140 python3 1.0 2023-10-11T00:00:00 <p>Information published.</p> MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack HTTP/2 MITRE Corporation Yes CVE-2023-44487 Uncontrolled Resource Consumption 12009 11968 12130 12051 12129 12187 12222 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 12233 Denial of Service 12009 Denial of Service 11968 Denial of Service 12130 Denial of Service 12051 Denial of Service 12129 Denial of Service 12187 Denial of Service 12222 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 12233 Important 12009 Important 11968 Important 12130 Important 12051 Important 12129 Important 12187 Important 12222 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Important 12233 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 5032874 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.24 https://support.microsoft.com/help/5032874 12009 5032874 Release Notes https://dotnet.microsoft.com/download/dotnet/6.0 11968 Maybe Security Update 6.0.24 https://github.com/dotnet/aspnetcore/issues/51264 11968 Release Notes 5032875 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.13 https://support.microsoft.com/help/5032875 12130 5032875 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.21 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.9 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.7 12222 Maybe Security Update 17.7.6 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12222 Release Notes 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4974 https://support.microsoft.com/help/5031361 11568 11569 11570 11571 11572 5031361 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 https://support.microsoft.com/help/5031364 11923 11924 5031364 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031358 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031358 5030217 11926 11927 Yes Security Update 10.0.22000.2538 https://support.microsoft.com/help/5031358 11926 11927 5031358 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 11929 11930 11931 Yes Security Update 10.0.19044.3570 https://support.microsoft.com/help/5031356 11929 11930 11931 5031356 5031356 https://support.microsoft.com/help/5031356 11929 11930 11931 12097 12098 12099 5031354 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031354 5030219 12085 12086 Yes Security Update 10.0.22621.2428 https://support.microsoft.com/help/5031354 12085 12086 5031354 5031356 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031356 5030211 12097 12098 12099 Yes Security Update 10.0.19045.3570 https://support.microsoft.com/help/5031356 12097 12098 12099 5031356 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10852 10853 10816 10855 Yes Security Update 10.0.14393.6351 https://support.microsoft.com/help/5031362 10852 10853 10816 10855 5031362 Release Notes https://dotnet.microsoft.com/download/dotnet/7.0 12233 Maybe Security Update 7.0.13 https://github.com/dotnet/aspnetcore/issues/51264 12233 Release Notes <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">workarounds</a> might be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave either of these workarounds in place:</p> <p><strong>Disable the HTTP/2 protocol on your web server by using the Registry Editor</strong></p> <p><strong>Note</strong> Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the &quot;Changing Keys and Values&quot; Help topic in Registry Editor (Regedit.exe) or view the &quot;Add and Delete Information in the Registry&quot; and &quot;Edit Registry Data&quot; Help topics in Regedt32.exe.</p> <ol> <li>Click <strong>Start</strong>, click <strong>Run</strong>, type <strong>Regedit</strong> in the <strong>Open</strong> box, and then click <strong>OK</strong>.</li> <li>Locate and then click the following registry subkey: <code>HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters</code></li> <li>Set <strong>DWORD</strong> type values <code>EnableHttp2Tls</code> and <code>EnableHttp2Cleartext</code> to one of the following: <ul> <li>Set to <strong>0</strong> to disable HTTP/2</li> <li>Set to <strong>1</strong> to enable HTTP/2</li> </ul> </li> <li>Exit Registry Editor.</li> <li>Restart the computer.</li> </ol> <p><strong>Include a protocols setting for each Kestrel endpoint to limit your application to HTTP1.1</strong></p> <p>For .NET and Kestrel, servers without HTTP/2 enabled are not affected. To limit your application to HTTP1.1 via config, edit your appsettings.json to include a protocols setting for each endpoint:</p> <pre><code> &quot;Kestrel&quot;: { &quot;Endpoints&quot;: { &quot;http&quot;: { // your existing config &quot;Protocols&quot;: &quot;Http1&quot; }, &quot;https&quot;: { // your existing config &quot;Protocols&quot;: &quot;Http1&quot; } } } ``` </code></pre> Amazon, Cloudflare, and Google 1.0 2023-10-10T07:00:00 <p>Information published.</p> 1.3 2023-10-16T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> 2.0 2024-12-10T08:00:00 <p>To comprehensively address CVE-2023-44487, Microsoft released security updates on October 24, 2023 for all affected versions of .NET and Microsoft Visual Studio.</p> <p>Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 1.1 2023-10-12T07:00:00 <p>In the Security Updates table, corrected Article links for ASP.NET Core 6.0 and ASP.NET Core 7.0. This is an informational change only.</p> 1.2 2023-10-13T07:00:00 <p>In the Workarounds section, corrected the font for the DWORD values &quot;EnableHttp2Tls&quot; (TLS as in Transport Layer Security) and EnableHttp2Cleartext for readability. Note that the &quot;I&quot; should be interpreted as &quot;L&quot; and not an &quot;i&quot;.</p> 2.1 2025-04-15T07:00:00 <p>Corrected Build Numbers in the Security Updates table. This is an informational change only.</p>