September 2023 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2023-Sep 2023-Sep Final 1.0 76 2026-02-18T03:13:21 September 2023 Security Updates 2023-09-12T07:00:00 2026-02-18T03:13:21 <h2 id="this-release-consists-of-the-following-59-microsoft-cves">This release consists of the following 59 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Microsoft Azure Kubernetes Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29332">CVE-2023-29332</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure DevOps</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33136">CVE-2023-33136</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35355">CVE-2023-35355</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Identity Linux Broker</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36736">CVE-2023-36736</a></td> <td>4.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>3D Viewer</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36739">CVE-2023-36739</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>3D Viewer</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36740">CVE-2023-36740</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Code</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36742">CVE-2023-36742</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36744">CVE-2023-36744</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36745">CVE-2023-36745</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36756">CVE-2023-36756</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36757">CVE-2023-36757</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36758">CVE-2023-36758</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36759">CVE-2023-36759</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>3D Viewer</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36760">CVE-2023-36760</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36761">CVE-2023-36761</a></td> <td>6.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36762">CVE-2023-36762</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36763">CVE-2023-36763</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36764">CVE-2023-36764</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36765">CVE-2023-36765</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36766">CVE-2023-36766</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36767">CVE-2023-36767</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>3D Builder</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36770">CVE-2023-36770</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>3D Builder</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36771">CVE-2023-36771</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>3D Builder</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36772">CVE-2023-36772</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>3D Builder</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36773">CVE-2023-36773</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36777">CVE-2023-36777</a></td> <td>5.7</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET Framework</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36788">CVE-2023-36788</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36792">CVE-2023-36792</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36793">CVE-2023-36793</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36794">CVE-2023-36794</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36796">CVE-2023-36796</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET Core &amp; Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36799">CVE-2023-36799</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics Finance &amp; Operations</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36800">CVE-2023-36800</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DHCP Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36801">CVE-2023-36801</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Streaming Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36802">CVE-2023-36802</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36803">CVE-2023-36803</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows GDI</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36804">CVE-2023-36804</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Scripting</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36805">CVE-2023-36805</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36886">CVE-2023-36886</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38139">CVE-2023-38139</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38140">CVE-2023-38140</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38141">CVE-2023-38141</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38142">CVE-2023-38142</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Common Log File System Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38143">CVE-2023-38143</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Common Log File System Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38144">CVE-2023-38144</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Themes</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38146">CVE-2023-38146</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Codecs Library</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38147">CVE-2023-38147</a></td> <td>8.8</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Internet Connection Sharing (ICS)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38148">CVE-2023-38148</a></td> <td>8.8</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38149">CVE-2023-38149</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td><strong>Yes</strong></td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38150">CVE-2023-38150</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DHCP Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38152">CVE-2023-38152</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Azure DevOps</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38155">CVE-2023-38155</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure HDInsights</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38156">CVE-2023-38156</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38160">CVE-2023-38160</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows GDI</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38161">CVE-2023-38161</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DHCP Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38162">CVE-2023-38162</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Defender</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38163">CVE-2023-38163</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38164">CVE-2023-38164</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41764">CVE-2023-41764</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-21-non-microsoft-cves">We are republishing 21 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Autodesk</td> <td>3D Viewer</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41303">CVE-2022-41303</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1999">CVE-2023-1999</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Electron</td> <td>Visual Studio Code</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-39956">CVE-2023-39956</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4761">CVE-2023-4761</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4762">CVE-2023-4762</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4763">CVE-2023-4763</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4764">CVE-2023-4764</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4863">CVE-2023-4863</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4900">CVE-2023-4900</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4901">CVE-2023-4901</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4902">CVE-2023-4902</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4903">CVE-2023-4903</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4904">CVE-2023-4904</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4905">CVE-2023-4905</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4906">CVE-2023-4906</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4907">CVE-2023-4907</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4908">CVE-2023-4908</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-4909">CVE-2023-4909</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5186">CVE-2023-5186</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5187">CVE-2023-5187</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-5217">CVE-2023-5217</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5002472">5002472</a></td> <td>SharePoint Server 2019 Core</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5002474">5002474</a></td> <td>SharePoint Server Subscription Edition</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5002494">5002494</a></td> <td>SharePoint Enterprise Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5002501">5002501</a></td> <td>SharePoint Enterprise Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5030216">5030216</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5030261">5030261</a></td> <td>Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5030265">5030265</a></td> <td>Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5030271">5030271</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5030286">5030286</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Azure Kubernetes Service Azure DevOps Server 2022.0.1 Azure HDInsight Microsoft Identity Linux Broker Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems WebP Image Extension Azure DevOps Server 2020.0.2 Azure DevOps Server 2019.1.2 Azure DevOps Server 2020.1.2 Azure DevOps Server 2019.0.1 Microsoft Visual Studio 2022 version 17.2 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2022 version 17.4 Microsoft Visual Studio 2022 version 17.7 Microsoft Visual Studio 2022 version 17.6 Visual Studio Code .NET 6.0 .NET 7.0 PowerShell 7.2 PowerShell 7.3 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2013 Update 5 Microsoft Visual Studio 2015 Update 3 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5 and 4.6.2 on Windows 10 for x64-based Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5 and 4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office Online Server Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Teams for Desktop Microsoft Teams for Mac Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Teams for Mac, Classic Edition Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft Edge (Chromium-based) Microsoft Dynamics 365 (on-premises) version 9.1 Microsoft Dynamics 365 (on-premises) version 9.0 Dynamics 365 for Finance and Operations 3D Builder 3D Viewer Microsoft Defender Security Intelligence Updates CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Visual Studio 2013 Update 5 Microsoft Visual Studio 2015 Update 3 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Office Online Server Visual Studio Code Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft Edge (Chromium-based) Microsoft Dynamics 365 (on-premises) version 9.0 Azure DevOps Server 2019.0.1 Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) 3D Viewer Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Dynamics 365 for Finance and Operations WebP Image Extension Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Azure Kubernetes Service Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition PowerShell 7.2 Azure HDInsight .NET 6.0 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Visual Studio 2022 version 17.2 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5 and 4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 and 4.6.2 on Windows 10 for x64-based Systems Microsoft Visual Studio 2022 version 17.4 .NET 7.0 PowerShell 7.3 CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM 3D Builder Azure DevOps Server 2020.1.2 Microsoft Defender Security Intelligence Updates Microsoft Teams for Desktop Microsoft Visual Studio 2022 version 17.6 Azure DevOps Server 2022.0.1 Microsoft Exchange Server 2019 Cumulative Update 13 Azure DevOps Server 2019.1.2 Azure DevOps Server 2020.0.2 Microsoft Teams for Mac Microsoft Visual Studio 2022 version 17.7 Microsoft Identity Linux Broker Azure Linux 3.0 x64 Azure Linux 3.0 ARM azl3 bind 9.16.44-2 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.158.1-1 on CBL Mariner 2.0 cbl2 glibc 2.35-7 on CBL Mariner 2.0 cbl2 cri-o 1.21.7-2 on CBL Mariner 2.0 cbl2 golang 1.21.6-1 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 virtiofsd 1.8.0-3 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl1-1 on Azure Linux 3.0 azl3 cups 2.4.10-1 on Azure Linux 3.0 cbl2 hyperv-daemons 5.15.135.1-1 on CBL Mariner 2.0 azl3 grpc 1.62.0-2 on Azure Linux 3.0 cbl2 kernel 5.15.135.1-2 on CBL Mariner 2.0 azl3 tcl 8.6.13-3 on Azure Linux 3.0 cbl2 msft-golang 1.20.10-1 on CBL Mariner 2.0 cbl2 golang 1.20.10-1 on CBL Mariner 2.0 azl3 golang 1.20.10-1 on Azure Linux 3.0 cbl2 cups 2.3.3op2-7 on CBL Mariner 2.0 cbl2 qemu 6.2.0-23 on CBL Mariner 2.0 azl3 qemu 8.2.0-1 on Azure Linux 3.0 cbl2 kernel 5.15.131.1-2 on CBL Mariner 2.0 azl3 glibc 2.38-6 on Azure Linux 3.0 cbl2 libnbd 1.12.1-3 on CBL Mariner 2.0 azl3 libnbd 1.12.1-3 on Azure Linux 3.0 cbl2 libvpx 1.13.1-1 on CBL Mariner 2.0 cbl2 python-gevent 1.3.6-9 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.133.1-1 on CBL Mariner 2.0 cbl2 glibc 2.35-6 on CBL Mariner 2.0 cbl2 gawk 5.1.1-1 on CBL Mariner 2.0 cbl2 bind 9.16.44-1 on CBL Mariner 2.0 azl3 bind 9.16.44-1 on Azure Linux 3.0 cbl2 kernel 5.15.133.1-1 on CBL Mariner 2.0 cbl2 terraform 1.3.2-19 on CBL Mariner 2.0 cbl2 pmix 4.1.3-1 on CBL Mariner 2.0 cbl2 glib 2.71.0-4 on CBL Mariner 2.0 cbl2 gcc 11.2.0-6 on CBL Mariner 2.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 mutt 2.2.12-1 on CBL Mariner 2.0 cbl2 vim 9.0.1897-1 on CBL Mariner 2.0 cbl2 lldpd 1.0.14-3 on CBL Mariner 2.0 cbl2 libtommath 1.1.0-5 on CBL Mariner 2.0 cbl2 tcl 8.6.13-2 on CBL Mariner 2.0 azl3 libtommath 1.1.0-5 on Azure Linux 3.0 azl3 crash 8.0.4-3 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl0-2 on Azure Linux 3.0 azl3 accountsservice 23.13.9-1 on Azure Linux 3.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 azl3 qemu 6.2.0-18 on Azure Linux 3.0 azl3 openmpi 4.1.7-2 on Azure Linux 3.0 cbl2 cri-o 1.22.3-1 on CBL Mariner 2.0 azl3 glibc 2.38-11 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 virtiofsd 1.8.0-3 on CBL Mariner 2.0 azl3 kata-containers 3.1.3-2 on Azure Linux 3.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 cbl2 nodejs18 18.18.2-7 on CBL Mariner 2.0 cbl2 dhcp 4.4.3.P1-2 on CBL Mariner 2.0 azl3 glibc 2.38-10 on Azure Linux 3.0 cbl2 cri-o 1.22.3-14 on CBL Mariner 2.0 cbl2 golang 1.17.13-2 on CBL Mariner 2.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 azl3 javapackages-bootstrap 1.14.0-3 on Azure Linux 3.0 cbl2 cups 2.3.3op2-9 on CBL Mariner 2.0 azl3 golang 1.22.10-2 on Azure Linux 3.0 azl3 cups 2.3.3op2-6 on Azure Linux 3.0 azl3 snappy 1.1.10-2 on Azure Linux 3.0 azl3 kata-containers-cc 3.2.0.azl0-3 on Azure Linux 3.0 cbl2 kata-containers 3.2.0.azl0-2 on CBL Mariner 2.0 azl3 grpc 1.42.0-7 on Azure Linux 3.0 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-2163 Incorrect Calculation 18310-16823 18310-16823 Important 18310-16823 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 18310-16823 CBL-Mariner Releases 18310-16823 No Security Update 5.15.133.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18310-16823 CBL-Mariner Releases 1.0 2023-09-22T00:00:00 <p>Information published.</p> Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3255 Loop with Unreachable Exit Condition ('Infinite Loop') 18535-17084 18160-16823 18233-17084 18535-17084 18160-16823 18233-17084 Moderate 18535-17084 Moderate 18160-16823 Moderate 18233-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18535-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18160-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18233-17084 CBL-Mariner Releases 18535-17084 18233-17084 No Security Update 8.2.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 18233-17084 CBL-Mariner Releases CBL-Mariner Releases 18160-16823 No Security Update 6.2.0-23 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18160-16823 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2025-04-17T00:00:00 <p>Added qemu to CBL-Mariner 2.0 Added qemu to Azure Linux 3.0</p> 1.2 2026-02-18T01:45:38 <p>Information published.</p> Triggerable assertion due to race condition in hot-unplug <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3301 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 18535-17084 18160-16823 18233-17084 18535-17084 18160-16823 18233-17084 Moderate 18535-17084 Moderate 18160-16823 Moderate 18233-17084 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H 18535-17084 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H 18160-16823 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H 18233-17084 CBL-Mariner Releases 18535-17084 18233-17084 No Security Update 8.2.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 18233-17084 CBL-Mariner Releases CBL-Mariner Releases 18160-16823 No Security Update 6.2.0-23 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18160-16823 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2025-04-17T00:00:00 <p>Added qemu to CBL-Mariner 2.0 Added qemu to Azure Linux 3.0</p> 1.2 2026-02-18T01:46:21 <p>Information published.</p> A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2023-3341 Out-of-bounds Write 18308-16823 18309-17084 19750-17086 17073-17084 18308-16823 18309-17084 19750-17086 17073-17084 Important 18308-16823 Important 18309-17084 Important 19750-17086 Important 17073-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18308-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18309-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19750-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17073-17084 CBL-Mariner Releases 18308-16823 18309-17084 No Security Update 9.16.44-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18308-16823 18309-17084 CBL-Mariner Releases CBL-Mariner Releases 17073-17084 No Security Update 9.19.21-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17073-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2026-02-18T02:47:25 <p>Information published.</p> Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 allows attackers to execute arbitrary code and cause a denial of service (DoS). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-36328 Integer Overflow or Wraparound 18319-16823 18320-16823 18321-17084 18110-17084 18319-16823 18320-16823 18321-17084 18110-17084 Critical 18319-16823 Critical 18320-16823 Critical 18321-17084 Critical 18110-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18319-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18320-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18321-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18110-17084 CBL-Mariner Releases 18319-16823 18321-17084 No Security Update 1.1.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18319-16823 18321-17084 CBL-Mariner Releases CBL-Mariner Releases 18320-16823 No Security Update 8.6.13-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18320-16823 CBL-Mariner Releases CBL-Mariner Releases 18110-17084 No Security Update 8.6.13-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18110-17084 CBL-Mariner Releases 1.0 2023-09-05T00:00:00 <p>Information published.</p> 1.1 2023-09-06T00:00:00 <p>Added libtommath to CBL-Mariner 2.0</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Arm Yes CVE-2023-4039 Protection Mechanism Failure 18314-16823 18315-17084 18314-16823 18315-17084 Moderate 18314-16823 Moderate 18315-17084 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 18314-16823 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 18315-17084 CBL-Mariner Releases 18314-16823 No Security Update 11.2.0-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18314-16823 CBL-Mariner Releases CBL-Mariner Releases 18315-17084 No Security Update 13.2.0-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18315-17084 CBL-Mariner Releases 1.0 2023-09-15T00:00:00 <p>Information published.</p> 1.1 2024-07-03T00:00:00 <p>Information published.</p> An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-41419 18304-16823 18304-16823 Critical 18304-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18304-16823 CBL-Mariner Releases 18304-16823 No Security Update 1.3.6-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18304-16823 CBL-Mariner Releases 1.0 2023-10-03T00:00:00 <p>Information published.</p> An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-41910 Out-of-bounds Read 18318-16823 18318-16823 Critical 18318-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18318-16823 CBL-Mariner Releases 18318-16823 No Security Update 1.0.14-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18318-16823 CBL-Mariner Releases 1.0 2023-09-09T00:00:00 <p>Information published.</p> Use-after-free in Linux kernel's net/sched: cls_route component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-4206 Use After Free 18282-16823 18282-16823 Important 18282-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18282-16823 CBL-Mariner Releases 18282-16823 No Security Update 5.15.131.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18282-16823 CBL-Mariner Releases 1.0 2023-09-12T00:00:00 <p>Information published.</p> Use-after-free in Linux kernel's net/sched: cls_fw component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-4207 Use After Free 18282-16823 18282-16823 Important 18282-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18282-16823 CBL-Mariner Releases 18282-16823 No Security Update 5.15.131.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18282-16823 CBL-Mariner Releases 1.0 2023-09-12T00:00:00 <p>Information published.</p> Kernel: netfilter: potential slab-out-of-bound access due to integer underflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-42753 Out-of-bounds Write 18305-16823 17917-16823 18305-16823 17917-16823 Important 18305-16823 Important 17917-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18305-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17917-16823 CBL-Mariner Releases 18305-16823 No Security Update 5.15.133.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18305-16823 CBL-Mariner Releases CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-03T00:00:00 <p>Information published.</p> 1.1 2023-09-27T00:00:00 <p>Information published.</p> github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-42821 Out-of-bounds Read 17367-16823 19777-17086 17367-16823 19777-17086 Important 17367-16823 Important 19777-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17367-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19777-17086 CBL-Mariner Releases 17367-16823 19777-17086 No Security Update 1.21.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17367-16823 19777-17086 CBL-Mariner Releases 1.0 2024-04-15T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:21:00 <p>Information published.</p> VP9 in libvpx before 1.13.1 mishandles widths leading to a crash related to encoding. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-44488 Improper Handling of Exceptional Conditions 18469-17084 18303-16823 18469-17084 18303-16823 Important 18469-17084 Important 18303-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18303-16823 CBL-Mariner Releases 18303-16823 No Security Update 1.13.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18303-16823 CBL-Mariner Releases 1.0 2023-10-04T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:26:41 <p>Information published.</p> Integer Overflow or Wraparound in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-4734 Integer Overflow or Wraparound 18317-16823 18317-16823 Important 18317-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18317-16823 CBL-Mariner Releases 18317-16823 No Security Update 9.0.1897-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18317-16823 CBL-Mariner Releases 1.0 2023-09-04T00:00:00 <p>Information published.</p> Untrusted Search Path in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-4736 18317-16823 18317-16823 Important 18317-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18317-16823 CBL-Mariner Releases 18317-16823 No Security Update 9.0.1897-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18317-16823 CBL-Mariner Releases 1.0 2023-09-05T00:00:00 <p>Information published.</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-4752 Use After Free 18317-16823 18317-16823 Important 18317-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18317-16823 CBL-Mariner Releases 18317-16823 No Security Update 9.0.1897-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18317-16823 CBL-Mariner Releases 1.0 2023-09-09T00:00:00 <p>Information published.</p> Glibc: potential use-after-free in getaddrinfo() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-4806 Use After Free 19587-17084 18306-16823 19587-17084 18306-16823 Moderate 19587-17084 Moderate 18306-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19587-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18306-16823 CBL-Mariner Releases 19587-17084 No Security Update 2.38-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19587-17084 CBL-Mariner Releases CBL-Mariner Releases 18306-16823 No Security Update 2.35-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18306-16823 CBL-Mariner Releases 2.1 2026-02-18T03:10:41 <p>Information published.</p> 1.0 2023-09-25T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added glibc to Azure Linux 3.0 Added glibc to CBL-Mariner 2.0</p> Undefined Behavior for Input to API in Mutt <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-4874 NULL Pointer Dereference 18316-16823 18316-16823 Moderate 18316-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18316-16823 CBL-Mariner Releases 18316-16823 No Security Update 2.2.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18316-16823 CBL-Mariner Releases 1.0 2023-09-14T00:00:00 <p>Information published.</p> Undefined Behavior for Input to API in Mutt <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-4875 NULL Pointer Dereference 18316-16823 18316-16823 Moderate 18316-16823 5.7 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 18316-16823 CBL-Mariner Releases 18316-16823 No Security Update 2.2.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18316-16823 CBL-Mariner Releases 1.0 2023-09-14T00:00:00 <p>Information published.</p> Glibc: dos due to memory leak in getaddrinfo.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5156 Missing Release of Memory after Effective Lifetime 19758-17084 18306-16823 18299-17084 19758-17084 18306-16823 18299-17084 Important 19758-17084 Important 18306-16823 Important 18299-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19758-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18306-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18299-17084 CBL-Mariner Releases 19758-17084 18299-17084 No Security Update 2.38-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19758-17084 18299-17084 CBL-Mariner Releases CBL-Mariner Releases 18306-16823 No Security Update 2.35-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18306-16823 CBL-Mariner Releases 1.0 2023-09-27T00:00:00 <p>Information published.</p> 1.1 2024-07-03T00:00:00 <p>Information published.</p> 1.2 2026-02-18T03:10:18 <p>Information published.</p> Libnbd: crash or misbehaviour when nbd server returns an unexpected block size <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5215 Unchecked Return Value 18301-16823 18302-17084 18301-16823 18302-17084 Moderate 18301-16823 Moderate 18302-17084 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18301-16823 5.3 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18302-17084 CBL-Mariner Releases 18301-16823 18302-17084 No Security Update 1.12.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18301-16823 18302-17084 CBL-Mariner Releases 1.0 2023-10-06T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Improper handling of HTML-like comments in script contexts in html/template <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-39318 Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) 19778-17086 19668-17086 19693-17084 17667-17084 19697-17084 17375-16823 18142-16823 18143-16823 18144-17084 18315-17084 19679-17084 19785-17086 19712-17086 19990-17084 19778-17086 19668-17086 19693-17084 17667-17084 19697-17084 17375-16823 18142-16823 18143-16823 18144-17084 18315-17084 19679-17084 19785-17086 19712-17086 19990-17084 Moderate 19778-17086 Moderate 19668-17086 Moderate 19693-17084 Moderate 17667-17084 Moderate 19697-17084 Moderate 17375-16823 Moderate 18142-16823 Moderate 18143-16823 Moderate 18144-17084 Moderate 18315-17084 Moderate 19679-17084 Moderate 19785-17086 Moderate 19712-17086 Moderate 19990-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19778-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19668-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19693-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17667-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19697-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17375-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18142-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18143-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18144-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18315-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19679-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19785-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19712-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19990-17084 CBL-Mariner Releases 19778-17086 19785-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18142-16823 18143-16823 18144-17084 No Security Update 1.20.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18142-16823 18143-16823 18144-17084 CBL-Mariner Releases 1.0 2025-09-03T23:18:21 <p>Information published.</p> 1.1 2026-02-18T02:30:29 <p>Information published.</p> Improper handling of special tags within script contexts in html/template <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-39319 Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) 18315-17084 19778-17086 19668-17086 19712-17086 17667-17084 19679-17084 19697-17084 17375-16823 18142-16823 18143-16823 18144-17084 19990-17084 19785-17086 19693-17084 18315-17084 19778-17086 19668-17086 19712-17086 17667-17084 19679-17084 19697-17084 17375-16823 18142-16823 18143-16823 18144-17084 19990-17084 19785-17086 19693-17084 Moderate 18315-17084 Moderate 19778-17086 Moderate 19668-17086 Moderate 19712-17086 Moderate 17667-17084 Moderate 19679-17084 Moderate 19697-17084 Moderate 17375-16823 Moderate 18142-16823 Moderate 18143-16823 Moderate 18144-17084 Moderate 19990-17084 Moderate 19785-17086 Moderate 19693-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18315-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19778-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19668-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19712-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17667-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19679-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19697-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17375-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18142-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18143-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18144-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19990-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19785-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19693-17084 CBL-Mariner Releases 19778-17086 19785-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18142-16823 18143-16823 18144-17084 No Security Update 1.20.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18142-16823 18143-16823 18144-17084 CBL-Mariner Releases 1.0 2025-09-04T01:51:46 <p>Information published.</p> 1.1 2026-02-18T02:54:40 <p>Information published.</p> Gvariant deserialisation does not match spec for non-normal data <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-32665 Uncontrolled Resource Consumption 18313-16823 18313-16823 Moderate 18313-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18313-16823 CBL-Mariner Releases 18313-16823 No Security Update 2.71.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18313-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:31 <p>Information published.</p> Cri-o: /etc/passwd tampering privesc <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-4318 Insertion of Sensitive Information into Externally-Accessible File or Directory 19511-16823 19777-17086 19511-16823 19777-17086 Important 19511-16823 Important 19777-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19511-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19777-17086 CBL-Mariner Releases 19511-16823 19777-17086 No Security Update 1.22.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19511-16823 19777-17086 CBL-Mariner Releases 1.0 2025-09-03T19:54:46 <p>Information published.</p> 1.1 2026-02-18T02:25:06 <p>Information published.</p> Gvariant offset table entry size is not checked in is_normal() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-29499 Uncontrolled Resource Consumption 18313-16823 18313-16823 Moderate 18313-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18313-16823 CBL-Mariner Releases 18313-16823 No Security Update 2.71.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18313-16823 CBL-Mariner Releases 1.0 2025-02-25T00:00:00 <p>Information published.</p> Field `file_table` of `struct module *module` is uninitialized <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-25585 Use of Uninitialized Variable 18344-17084 18344-17084 Moderate 18344-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 18344-17084 CBL-Mariner Releases 18344-17084 No Security Update 8.0.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18344-17084 CBL-Mariner Releases 1.0 2025-04-23T00:00:00 <p>Information published.</p> 2.0 2025-04-26T00:00:00 <p>Information published.</p> 2.1 2026-02-18T01:29:28 <p>Information published.</p> Glibc: stack read overflow in getaddrinfo in no-aaaa mode https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-4527 Stack-based Buffer Overflow 12356 12357 19587-17084 12356 12357 19587-17084 12356 12357 Moderate 19587-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 12356 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 12357 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 19587-17084 glibc 12356 glibc-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-devel-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-static-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-lang-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-i18n-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-iconv-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-tools-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-nscd-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-locales-all-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-debuginfo-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.38-11 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 12356 glibc glibc 12357 glibc-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-devel-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-static-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-lang-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-i18n-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-iconv-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-tools-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-nscd-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-locales-all-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-debuginfo-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.38-11 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 12357 glibc CBL-Mariner Releases 19587-17084 No Security Update 2.38-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19587-17084 CBL-Mariner Releases 1.1 2026-02-18T03:09:55 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-44270 Improper Neutralization of Special Elements in Output Used by a Downstream Component (&#39;Injection&#39;) 19693-17084 19693-17084 Moderate 19693-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19693-17084 1.1 2026-02-18T02:58:25 <p>Information published.</p> 1.0 2025-09-03T21:32:23 <p>Information published.</p> When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-4583 18469-17084 18469-17084 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18469-17084 1.0 2025-09-03T21:50:30 <p>Information published.</p> Unsafe deserialization in knplabs/knp-snappy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-41330 Deserialization of Untrusted Data 20117-17084 20117-17084 Critical 20117-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20117-17084 1.0 2025-09-03T21:56:48 <p>Information published.</p> 1.1 2026-02-18T02:04:55 <p>Information published.</p> Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-5176 Out-of-bounds Write 18469-17084 18469-17084 18469-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-04T00:11:43 <p>Information published.</p> Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-4580 Missing Encryption of Sensitive Data 18469-17084 18469-17084 Moderate 18469-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 18469-17084 1.1 2026-02-18T02:45:22 <p>Information published.</p> 1.0 2025-09-04T00:36:18 <p>Information published.</p> Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2023-42503 Improper Input Validation 19822-17084 19822-17084 Moderate 19822-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19822-17084 1.0 2025-09-04T01:07:36 <p>Information published.</p> <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner support@hackerone.com Yes CVE-2023-32002 - M 1.0 2023-08-22T00:00:00 <p>Information published.</p> Use-after-free in Linux kernel's netfilter: nf_tables component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-4015 Use After Free 18282-16823 18282-16823 Important 18282-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18282-16823 CBL-Mariner Releases 18282-16823 No Security Update 5.15.131.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18282-16823 CBL-Mariner Releases 1.0 2023-09-12T00:00:00 <p>Information published.</p> Default functions in VolatileMemory trait lack bounds checks in vm-memory <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-41051 Out-of-bounds Read 19706-17084 17649-17084 19703-17086 19706-17084 17649-17084 19703-17086 19706-17084 17649-17084 19703-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 19706-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 17649-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 19703-17086 CBL-Mariner Releases 19706-17084 No Security Update 3.2.0.azl0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19706-17084 CBL-Mariner Releases 1.0 2023-09-05T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Sev-es / sev-snp vmgexit double fetch vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-4155 Time-of-check Time-of-use (TOCTOU) Race Condition 17327-16823 17327-16823 Moderate 17327-16823 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H 17327-16823 CBL-Mariner Releases 17327-16823 No Security Update 5.15.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17327-16823 CBL-Mariner Releases 1.0 2023-09-19T00:00:00 <p>Information published.</p> Heap out of bound read in builtin.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-4156 Out-of-bounds Read 18307-16823 18307-16823 Important 18307-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 18307-16823 CBL-Mariner Releases 18307-16823 No Security Update 5.1.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18307-16823 CBL-Mariner Releases 1.0 2023-09-27T00:00:00 <p>Information published.</p> OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-41915 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 18838-17084 18312-16823 18838-17084 18312-16823 Important 18838-17084 Important 18312-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18838-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18312-16823 CBL-Mariner Releases 18312-16823 No Security Update 4.1.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18312-16823 CBL-Mariner Releases 1.1 2026-02-18T01:17:57 <p>Information published.</p> 1.0 2023-09-19T00:00:00 <p>Information published.</p> Use-after-free in Linux kernel's net/sched: cls_u32 component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-4208 Use After Free 18282-16823 18282-16823 Important 18282-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18282-16823 CBL-Mariner Releases 18282-16823 No Security Update 5.15.131.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18282-16823 CBL-Mariner Releases 1.0 2023-09-12T00:00:00 <p>Information published.</p> Use-after-free in Linux kernel's netfilter: nf_tables component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-4244 Use After Free 17917-16823 17917-16823 Important 17917-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-09-12T00:00:00 <p>Information published.</p> QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-42467 Divide By Zero 18535-17084 18233-17084 18535-17084 18233-17084 Moderate 18535-17084 Moderate 18233-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18535-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18233-17084 CBL-Mariner Releases 18535-17084 18233-17084 No Security Update 8.2.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 18233-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:47:44 <p>Information published.</p> Kernel: netfilter: race condition between ipset_cmd_add and ipset_cmd_swap <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-42756 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17917-16823 17917-16823 Moderate 17917-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-03T00:00:00 <p>Information published.</p> An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-44466 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17917-16823 17917-16823 Important 17917-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-03T00:00:00 <p>Information published.</p> OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner AHA Yes CVE-2023-4504 Out-of-bounds Write 20071-17084 18159-16823 17722-17084 19950-17086 20071-17084 18159-16823 17722-17084 19950-17086 Important 20071-17084 Important 18159-16823 Important 17722-17084 Important 19950-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 20071-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 18159-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 17722-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 19950-17086 CBL-Mariner Releases 20071-17084 17722-17084 No Security Update 2.4.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20071-17084 17722-17084 CBL-Mariner Releases CBL-Mariner Releases 18159-16823 19950-17086 No Security Update 2.3.3op2-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18159-16823 19950-17086 CBL-Mariner Releases 2.2 2026-02-18T01:56:09 <p>Information published.</p> 1.0 2024-04-01T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> Use-after-free in Linux kernel's af_unix component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-4622 Use After Free 17834-16823 18282-16823 17834-16823 18282-16823 Important 17834-16823 Important 18282-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17834-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18282-16823 CBL-Mariner Releases 17834-16823 No Security Update 5.15.135.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17834-16823 CBL-Mariner Releases CBL-Mariner Releases 18282-16823 No Security Update 5.15.131.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18282-16823 CBL-Mariner Releases 1.0 2023-09-12T00:00:00 <p>Information published.</p> 1.1 2023-10-24T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> Use-after-free in Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-4623 Use After Free 17917-16823 17917-16823 Important 17917-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-29T00:00:00 <p>Information published.</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-4733 Use After Free 18317-16823 18317-16823 Important 18317-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18317-16823 CBL-Mariner Releases 18317-16823 No Security Update 9.0.1897-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18317-16823 CBL-Mariner Releases 1.0 2023-09-09T00:00:00 <p>Information published.</p> Out-of-bounds Write in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-4735 18317-16823 18317-16823 Important 18317-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18317-16823 CBL-Mariner Releases 18317-16823 No Security Update 9.0.1897-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18317-16823 CBL-Mariner Releases 1.0 2023-09-05T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-4738 Out-of-bounds Write 18317-16823 18317-16823 Important 18317-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18317-16823 CBL-Mariner Releases 18317-16823 No Security Update 9.0.1897-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18317-16823 CBL-Mariner Releases 1.0 2023-09-09T00:00:00 <p>Information published.</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-4750 Use After Free 18317-16823 18317-16823 Important 18317-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18317-16823 CBL-Mariner Releases 18317-16823 No Security Update 9.0.1897-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18317-16823 CBL-Mariner Releases 1.0 2023-09-09T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-4781 Heap-based Buffer Overflow 18317-16823 18317-16823 Important 18317-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18317-16823 CBL-Mariner Releases 18317-16823 No Security Update 9.0.1897-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18317-16823 CBL-Mariner Releases 1.0 2023-09-09T00:00:00 <p>Information published.</p> Terraform Allows Arbitrary File Write During Init Operation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner HashiCorp Yes CVE-2023-4782 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 18311-16823 18311-16823 Important 18311-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18311-16823 CBL-Mariner Releases 18311-16823 No Security Update 1.3.2-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18311-16823 CBL-Mariner Releases 1.0 2024-10-17T00:00:00 <p>Information published.</p> Denial of Service in gRPC Core <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-4785 Uncaught Exception 20279-17084 17871-17084 20279-17084 17871-17084 Important 20279-17084 Important 17871-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20279-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17871-17084 CBL-Mariner Releases 20279-17084 17871-17084 No Security Update 1.62.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20279-17084 17871-17084 CBL-Mariner Releases 1.1 2026-02-18T03:13:21 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> POLY1305 MAC implementation corrupts XMM registers on Windows <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2023-4807 Expected Behavior Violation 19748-17086 19662-17086 19686-17084 17093-17086 17716-17084 20273-17084 19671-17084 20276-17086 18370-17084 17459-17084 19748-17086 19662-17086 19686-17084 17093-17086 17716-17084 20273-17084 19671-17084 20276-17086 18370-17084 17459-17084 Important 19748-17086 19662-17086 Important 19686-17084 Important 17093-17086 Important 17716-17084 Important 20273-17084 Important 19671-17084 Important 20276-17086 Important 18370-17084 Important 17459-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19748-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19662-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19686-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17716-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20273-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20276-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18370-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17459-17084 CBL-Mariner Releases 19748-17086 No Security Update 18.20.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19748-17086 CBL-Mariner Releases CBL-Mariner Releases 17716-17084 20273-17084 20276-17086 18370-17084 No Security Update 3.2.0.azl1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17716-17084 20273-17084 20276-17086 18370-17084 CBL-Mariner Releases 2.0 2026-02-18T03:12:14 <p>Information published.</p> 1.0 2024-01-21T00:00:00 <p>Information published.</p> 1.1 2023-10-11T00:00:00 <p>Information published.</p> 1.2 2024-03-07T00:00:00 <p>Added kata-containers to CBL-Mariner 2.0</p> 1.3 2024-04-06T00:00:00 <p>Added hvloader to CBL-Mariner 2.0</p> 1.4 2024-06-30T07:00:00 <p>Information published.</p> Use-after-free in Linux kernel's net/sched: sch_qfq component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-4921 Use After Free 18310-16823 18310-16823 Important 18310-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18310-16823 CBL-Mariner Releases 18310-16823 No Security Update 5.15.133.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18310-16823 CBL-Mariner Releases 1.0 2023-09-15T00:00:00 <p>Information published.</p> Use-after-free in Linux kernel's netfilter: nf_tables component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-5197 Use After Free 17917-16823 17917-16823 Moderate 17917-16823 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-10-03T00:00:00 <p>Information published.</p> Glibc: potential use-after-free in gaih_inet() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-4813 Use After Free 17348-16823 17348-16823 Moderate 17348-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17348-16823 CBL-Mariner Releases 17348-16823 No Security Update 2.35-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17348-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:33 <p>Information published.</p> G_variant_byteswap() can take a long time with some non-normal inputs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-32611 Uncontrolled Resource Consumption 18313-16823 18313-16823 Moderate 18313-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18313-16823 CBL-Mariner Releases 18313-16823 No Security Update 2.71.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18313-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:31 <p>Information published.</p> A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-32636 Uncontrolled Resource Consumption 18313-16823 18313-16823 Important 18313-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 18313-16823 CBL-Mariner Releases 18313-16823 No Security Update 2.71.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18313-16823 CBL-Mariner Releases 1.0 2025-02-25T00:00:00 <p>Information published.</p> A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-32643 Heap-based Buffer Overflow 18313-16823 18313-16823 Important 18313-16823 5.3 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 18313-16823 CBL-Mariner Releases 18313-16823 No Security Update 2.71.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18313-16823 CBL-Mariner Releases 1.0 2025-02-25T00:00:00 <p>Information published.</p> In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2023-3297 18412-17084 18412-17084 Important 18412-17084 8.1 8.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 18412-17084 CBL-Mariner Releases 18412-17084 No Security Update 23.13.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18412-17084 CBL-Mariner Releases 1.0 2025-02-11T00:00:00 <p>Information published.</p> Out of bounds read in parse_module function in bfd/vms-alpha.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-25584 Out-of-bounds Read 18344-17084 18344-17084 Important 18344-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H 18344-17084 CBL-Mariner Releases 18344-17084 No Security Update 8.0.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18344-17084 CBL-Mariner Releases 1.0 2025-04-23T00:00:00 <p>Information published.</p> 2.1 2026-02-18T01:32:55 <p>Information published.</p> 2.0 2025-04-26T00:00:00 <p>Information published.</p> Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab` <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-25588 Use of Uninitialized Variable 18344-17084 18344-17084 Moderate 18344-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 18344-17084 CBL-Mariner Releases 18344-17084 No Security Update 8.0.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18344-17084 CBL-Mariner Releases 1.0 2025-04-23T00:00:00 <p>Information published.</p> 2.1 2026-02-18T01:32:14 <p>Information published.</p> 2.0 2025-04-26T00:00:00 <p>Information published.</p> Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain Cluster Administrator privileges.</p> <p><strong>How do I protect my resources against this vulnerability?</strong></p> <p>Customers must update or upgrade their Azure Kuberenetes Service resource deployments using the following guidance:</p> <ul> <li><a href="https://learn.microsoft.com/en-us/azure/aks/node-image-upgrade">Upgrade your AKS node image</a> to receive the fix without altering your Kubernetes version.</li> <li><a href="https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster?tabs=azure-cli#upgrade-an-aks-cluster">Upgrade your AKS cluster</a> to a newer version which will also bring your node image to the latest version.</li> </ul> <p><strong>What additional actions can customers take to help ensure their resources are secure?</strong></p> <p>We highly encourage customers to enable automatic node image upgrades for their Azure Kubernetes Resources to get the latest security releases in the future.</p> <p>General Availability Customers:</p> <ul> <li><a href="https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-cluster#use-cluster-auto-upgrade">Automatically upgrade an Azure Kubernetes Service (AKS) cluster - Azure Kubernetes Service | Microsoft Learn</a></li> <li>CLI command: az aks update --resource-group [myResourceGroup] --name [myAKSCluster] --auto-upgrade-channel node-image</li> </ul> <p>Or</p> <p>Preview Customers:</p> <ul> <li><a href="http://https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-node-image">Automatically upgrade Azure Kubernetes Service (AKS) cluster node operating system images - Azure Kubernetes Service | Microsoft Learn</a>:</li> <li>CLI command: az aks update --resource-group [myResourceGroup] --name [myAKSCluster] --node-os-upgrade-channel NodeImage</li> </ul> <p><strong>According to the CVSS metric, attack complexity is high (AC:H) but integrity is none (I:N) and availability is none (A:N). What does that mean for this vulnerability?</strong></p> <p>The Confidentiality is set to High because an attacker who successfully exploits this vulnerability could access tokens beyond a user’s typical privilege.</p> <p>The exploit results in token disclosure, however it does not affect the Integrity and Availability of the system. Thus, both of these are set as None.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p> <p>The attack vector is set to Network because this vulnerability is remotely exploitable and can be exploited from the internet.</p> <p>The attack complexity is set to Low because an attacker does not require significant prior knowledge of the cluster/system and can achieve repeatable success when attempting to exploit this vulnerability.</p> <p><strong>How do I determine if my resources are susceptible to this vulnerability?</strong></p> <p>Azure Kubernetes Service resources using the following image versions are protected against this vulnerability.</p> <ul> <li><p>AKS resources with Ubuntu OS - Image 202308.01 or above</p> </li> <li><p>AKS resources with Windows OS - Image 20348.1906 or above</p> </li> </ul> <p>To determine if any of your resources are susceptible to this CVE, navigate to your cluster's overview page in the Azure Portal, and select <strong>Diagnose and Solve Problems</strong>. Navigate to <strong>Identity and Security</strong> and select <strong>TLS Bootstrap Token CVE</strong> to identify the susceptible agent pools in your AKS cluster.</p> <p><strong>Note:</strong> Agent pools created or upgraded in the last 48 hours are protected; however, this might not immediately reflect in <strong>Diagnose and Solve Problems</strong>. Please allow up to 48 hours for the results to be updated.</p> Microsoft Azure Kubernetes Service Microsoft Yes CVE-2023-29332 Use of Insufficiently Random Values 11870 Elevation of Privilege 11870 Critical 11870 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11870 Release Notes https://learn.microsoft.com/en-us/azure/aks/node-image-upgrade 11870 Maybe Security Update VHD 202308 https://github.com/Azure/AKS/releases 11870 Release Notes Stav Nir 1.0 2023-09-12T07:00:00 <p>Information published.</p> 1.1 2023-09-13T07:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.2 2023-09-13T07:00:00 <p>Corrected one or more links in the FAQ. This is an informational change only.</p> 1.3 2023-09-14T07:00:00 <p>Added FAQ information. This is an informational change only.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2023-35355 Stack-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 Anonymous 1.0 2023-09-12T07:00:00 <p>Information published.</p> Azure DevOps Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N), attack complexity is low (AC:L), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to have Queue Build permissions on an Azure DevOps pipeline that has an overridable variable. An attacker with these permissions could perform remote code execution (RCE) by performing a malicious input injection via a runtime parameter that could be used in place of the overridable variable.</p> Azure DevOps Microsoft Yes CVE-2023-33136 Improper Neutralization of Special Elements used in a Command ('Command Injection') 12212 12211 12143 12189 11675 Remote Code Execution 12212 Remote Code Execution 12211 Remote Code Execution 12143 Remote Code Execution 12189 Remote Code Execution 11675 Important 12212 Important 12211 Important 12143 Important 12189 Important 11675 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 12212 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 12211 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 12143 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 12189 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 11675 Release Notes 12212 Maybe Security Update 20230820.2 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020?view=azure-devops 12212 Release Notes Release Notes 12211 Maybe Security Update 20230825.1 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2019u1?view=azure-devops 12211 Release Notes Release Notes 12143 Maybe Security Update 20230823.1 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020u1?view=azure-devops 12143 Release Notes Release Notes 12189 Maybe Security Update 20230825.4 https://learn.microsoft.com/azure/devops/server/release-notes/azuredevops2022?view=azure-devops 12189 Release Notes Release Notes 11675 Maybe Security Update 20230601.3 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2019?view=azure-devops 11675 Release Notes Estevam Arantes, <a href="https://www.microsoft.com/">Microsoft</a> Yogeesh Seralathan, <a href="https://www.microsoft.com/">Microsoft</a> Michael Van Leeuwen, <a href="https://www.microsoft.com/">Microsoft</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> DHCP Server Service Denial of Service Vulnerability Windows DHCP Server Microsoft Yes CVE-2023-38162 Integer Underflow (Wrap or Wraparound) 11571 11572 11923 11924 10816 10855 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10816 10855 5030213 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> might be helpful in your situation:</p> <p>Customers who have not configured their DHCP server as a failover are not affected by this vulnerability.</p> LIU An, WANG Zimeng State Grid Information & Telecommunication Co.,Ltd. 1.0 2023-09-12T07:00:00 <p>Information published.</p> Windows GDI Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows GDI Microsoft Yes CVE-2023-38161 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 10729 10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 10729 10735 5030220 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 5030271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030271 5029318 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22264 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030271 5030271 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9312 10287 Yes Security Only 6.0.6003.22264 https://support.microsoft.com/help/5030286 9312 10287 5030286 5030286 https://support.microsoft.com/help/5030286 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9318 9344 Yes Security Only 6.0.6003.22262 https://support.microsoft.com/help/5030286 9318 9344 5030286 5030265 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030265 5029296 10051 10049 Yes Monthly Rollup 6.1.7601.26713 https://support.microsoft.com/help/5030265 10051 10049 5030265 5030265 https://support.microsoft.com/help/5030265 10051 10049 5030261 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030261 10051 10049 Yes Security Only 6.1.7601.26713 https://support.microsoft.com/help/5030261 10051 10049 5030261 5030261 https://support.microsoft.com/help/5030261 10051 10049 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 Marcin Wiazowski working with <a href=https://www.zerodayinitiative.com/>Trend Micro Zero Day Initiative</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with access to the target HDI cluster could send a specially crafted network request to create and assign themselves as a Cluster Administrator. Cluster Administrators can read/write/delete and perform all resource service management operations.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain cluster administrator privileges.</p> Azure HDInsights Microsoft Yes CVE-2023-38156 Improper Input Validation 11987 Elevation of Privilege 11987 Important 11987 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11987 Release Notes https://learn.microsoft.com/en-us/azure/hdinsight/hdinsight-upgrade-cluster 11987 Yes Security Update 2308221128 https://learn.microsoft.com/en-us/azure/hdinsight/hdinsight-release-notes 11987 Release Notes Lidor B. with Orca Security 1.0 2023-09-12T07:00:00 <p>Information published.</p> 1.1 2023-09-13T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.2 2023-11-30T08:00:00 <p>Updated CVE title. This is an informational change only.</p> DHCP Server Service Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> Windows DHCP Server Microsoft Yes CVE-2023-38152 Buffer Over-read 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9312 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10287 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9318 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9344 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10051 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10049 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10816 10855 5030213 5030271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030271 5029318 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22264 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030271 5030271 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9312 10287 Yes Security Only 6.0.6003.22264 https://support.microsoft.com/help/5030286 9312 10287 5030286 5030286 https://support.microsoft.com/help/5030286 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9318 9344 Yes Security Only 6.0.6003.22262 https://support.microsoft.com/help/5030286 9318 9344 5030286 5030265 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030265 5029296 10051 10049 Yes Monthly Rollup 6.1.7601.26713 https://support.microsoft.com/help/5030265 10051 10049 5030265 5030265 https://support.microsoft.com/help/5030265 10051 10049 5030261 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030261 10051 10049 Yes Security Only 6.1.7601.26713 https://support.microsoft.com/help/5030261 10051 10049 5030261 5030261 https://support.microsoft.com/help/5030261 10051 10049 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> might be helpful in your situation:</p> <p>Customers who have not installed the DHCP Server Role to their server are not affected by this vulnerability.</p> YanZiShuang@BigCJTeam of cyberkl 1.0 2023-09-12T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-38150 Integer Overflow or Wraparound 11926 11927 12085 12086 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 12085 Elevation of Privilege 12086 Important 11926 Important 11927 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11926 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11927 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12085 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12086 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2023-09-12T07:00:00 <p>Information published.</p> Windows TCP/IP Denial of Service Vulnerability Windows TCP/IP Microsoft Yes CVE-2023-38149 Uncontrolled Resource Consumption 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 10729 10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 10729 10735 5030220 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 5030265 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030265 5029296 10051 10049 Yes Monthly Rollup 6.1.7601.26713 https://support.microsoft.com/help/5030265 10051 10049 5030265 5030265 https://support.microsoft.com/help/5030265 10051 10049 5030261 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030261 10051 10049 Yes Security Only 6.1.7601.26713 https://support.microsoft.com/help/5030261 10051 10049 5030261 5030261 https://support.microsoft.com/help/5030261 10051 10049 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <ul> <li>Systems are not affected if IPv6 is disabled on the target machine.</li> </ul> <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">workaround</a> may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place:</p> <p><strong>Disable router discovery on IPv6 interface.</strong></p> <p>You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following PowerShell command:</p> <ul> <li>Set-NetIPInterface -InterfaceIndex [interface_index] -RouterDiscovery Disabled</li> </ul> <p>You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following Network Shell (netsh) command:</p> <ul> <li>netsh interface ipv6 set interface [interface_name] routerdiscovery=disabled</li> </ul> <p>Please refer to the workaround section of this security bulletin for more information: <a href="https://learn.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-006">https://learn.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-006</a></p> <p><strong>Note:</strong></p> <p>No reboot is needed after making the change.</p> Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Internet Connection Sharing (ICS) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthorized attacker could exploit this Internet Connection Sharing (ICS) vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> Windows Internet Connection Sharing (ICS) Microsoft Yes CVE-2023-38148 Stack-based Buffer Overflow 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</p> <p>Exploitation of this vulnerability requires that the Internet Connection Sharing (ICS) is enabled.</p> Anonymous <a href="https://twitter.com/baixia4">Jarvis_1oop</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 1.1 2023-09-28T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Windows Miracast Wireless Display Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could project to a vulnerable system on the same wireless network that was configured to allow &quot;Projecting to this PC&quot; and marked as &quot;Available Everywhere&quot;. This is not a default configuration.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2023-38147 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 10729 10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 10729 10735 5030220 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 wkai with Codesafe Team of Legendsec at QI-ANXIN Group 1.0 2023-09-12T07:00:00 <p>Information published.</p> Windows Themes Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker would need to convince a targeted user to load a Windows Themes file on a vulnerable system with access to an attacker-controlled SMB share.</p> Windows Themes Microsoft Yes CVE-2023-38146 Time-of-check Time-of-use (TOCTOU) Race Condition 11926 11927 12085 12086 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 12085 Remote Code Execution 12086 Important 11926 Important 11927 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 Emma Kirkpatrick (<a href=https://twitter.com/carrot_c4k3>@carrot_c4k3</a>) Thijs Alkemade, Khaled Nassar, and Daan Keuper with <a href="https://sector7.computest.nl/">Computest Sector 7</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 1.1 2024-06-26T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Common Log File System Driver Microsoft Yes CVE-2023-38144 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 10729 10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 10729 10735 5030220 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 5030271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030271 5029318 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22264 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030271 5030271 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9312 10287 Yes Security Only 6.0.6003.22264 https://support.microsoft.com/help/5030286 9312 10287 5030286 5030286 https://support.microsoft.com/help/5030286 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9318 9344 Yes Security Only 6.0.6003.22262 https://support.microsoft.com/help/5030286 9318 9344 5030286 5030265 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030265 5029296 10051 10049 Yes Monthly Rollup 6.1.7601.26713 https://support.microsoft.com/help/5030265 10051 10049 5030265 5030265 https://support.microsoft.com/help/5030265 10051 10049 5030261 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030261 10051 10049 Yes Security Only 6.1.7601.26713 https://support.microsoft.com/help/5030261 10051 10049 5030261 5030261 https://support.microsoft.com/help/5030261 10051 10049 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 Anonymous working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Common Log File System Driver Microsoft Yes CVE-2023-38143 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 10729 10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 10729 10735 5030220 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 5030271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030271 5029318 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22264 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030271 5030271 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9312 10287 Yes Security Only 6.0.6003.22264 https://support.microsoft.com/help/5030286 9312 10287 5030286 5030286 https://support.microsoft.com/help/5030286 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9318 9344 Yes Security Only 6.0.6003.22262 https://support.microsoft.com/help/5030286 9318 9344 5030286 5030265 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030265 5029296 10051 10049 Yes Monthly Rollup 6.1.7601.26713 https://support.microsoft.com/help/5030265 10051 10049 5030265 5030265 https://support.microsoft.com/help/5030265 10051 10049 5030261 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030261 10051 10049 Yes Security Only 6.1.7601.26713 https://support.microsoft.com/help/5030261 10051 10049 5030261 5030261 https://support.microsoft.com/help/5030261 10051 10049 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 Anonymous <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-38142 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 10729 10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 10729 10735 5030220 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 5030271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030271 5029318 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22264 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030271 5030271 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9312 10287 Yes Security Only 6.0.6003.22264 https://support.microsoft.com/help/5030286 9312 10287 5030286 5030286 https://support.microsoft.com/help/5030286 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9318 9344 Yes Security Only 6.0.6003.22262 https://support.microsoft.com/help/5030286 9318 9344 5030286 5030265 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030265 5029296 10051 10049 Yes Monthly Rollup 6.1.7601.26713 https://support.microsoft.com/help/5030265 10051 10049 5030265 5030265 https://support.microsoft.com/help/5030265 10051 10049 5030261 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030261 10051 10049 Yes Security Only 6.1.7601.26713 https://support.microsoft.com/help/5030261 10051 10049 5030261 5030261 https://support.microsoft.com/help/5030261 10051 10049 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng, Li WenYue</a> with <a href="https://www.hillstonenet.com.cn/">Hillstone Network Security Research Institute</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-38141 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 10729 10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 10729 10735 5030220 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 5030271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030271 5029318 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22264 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030271 5030271 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9312 10287 Yes Security Only 6.0.6003.22264 https://support.microsoft.com/help/5030286 9312 10287 5030286 5030286 https://support.microsoft.com/help/5030286 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9318 9344 Yes Security Only 6.0.6003.22262 https://support.microsoft.com/help/5030286 9318 9344 5030286 5030265 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030265 5029296 10051 10049 Yes Monthly Rollup 6.1.7601.26713 https://support.microsoft.com/help/5030265 10051 10049 5030265 5030265 https://support.microsoft.com/help/5030265 10051 10049 5030261 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030261 10051 10049 Yes Security Only 6.1.7601.26713 https://support.microsoft.com/help/5030261 10051 10049 5030261 5030261 https://support.microsoft.com/help/5030261 10051 10049 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Kernel Microsoft Yes CVE-2023-38140 Use of Uninitialized Resource 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12097 12098 12099 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-38139 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 10729 10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 10729 10735 5030220 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 5030271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030271 5029318 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22264 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030271 5030271 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9312 10287 Yes Security Only 6.0.6003.22264 https://support.microsoft.com/help/5030286 9312 10287 5030286 5030286 https://support.microsoft.com/help/5030286 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9318 9344 Yes Security Only 6.0.6003.22262 https://support.microsoft.com/help/5030286 9318 9344 5030286 5030265 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030265 5029296 10051 10049 Yes Monthly Rollup 6.1.7601.26713 https://support.microsoft.com/help/5030265 10051 10049 5030265 5030265 https://support.microsoft.com/help/5030265 10051 10049 5030261 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030261 10051 10049 Yes Security Only 6.1.7601.26713 https://support.microsoft.com/help/5030261 10051 10049 5030261 5030261 https://support.microsoft.com/help/5030261 10051 10049 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Windows MSHTML Platform Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows Scripting Microsoft Yes CVE-2023-36805 Improper Neutralization of Special Elements used in a Command ('Command Injection') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 10729 10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 10729 10735 5030220 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 5030265 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030265 5029296 10051 10049 Yes Monthly Rollup 6.1.7601.26713 https://support.microsoft.com/help/5030265 10051 10049 5030265 5030265 https://support.microsoft.com/help/5030265 10051 10049 5030261 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030261 10051 10049 Yes Security Only 6.1.7601.26713 https://support.microsoft.com/help/5030261 10051 10049 5030261 5030261 https://support.microsoft.com/help/5030261 10051 10049 5030209 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030209 5029243 10051 10049 10378 10379 10483 10543 Yes IE Cumulative 1.001 https://support.microsoft.com/help/5030209 10051 10049 10378 10379 10483 10543 5030209 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 Eduardo Braun Prado working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 2.0 2023-09-22T07:00:00 <p>In the Security Updates table, added Windows Server 2008 R2 and Windows Server 2012 as these versions of Windows are affected by this vulnerability. Microsoft recommends that customers install the September 2023 updates to be fully protected from this vulnerability. Customers who install the Security Only updates for these versions of Windows Server should also install the IE Cumulative update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. Also see FAQs for information about the IE Cumulative update.</p> Windows GDI Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows GDI Microsoft Yes CVE-2023-36804 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 10729 10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 10729 10735 5030220 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 5030271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030271 5029318 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22264 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030271 5030271 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9312 10287 Yes Security Only 6.0.6003.22264 https://support.microsoft.com/help/5030286 9312 10287 5030286 5030286 https://support.microsoft.com/help/5030286 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9318 9344 Yes Security Only 6.0.6003.22262 https://support.microsoft.com/help/5030286 9318 9344 5030286 5030265 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030265 5029296 10051 10049 Yes Monthly Rollup 6.1.7601.26713 https://support.microsoft.com/help/5030265 10051 10049 5030265 5030265 https://support.microsoft.com/help/5030265 10051 10049 5030261 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030261 10051 10049 Yes Security Only 6.1.7601.26713 https://support.microsoft.com/help/5030261 10051 10049 5030261 5030261 https://support.microsoft.com/help/5030261 10051 10049 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 Marcin Wiazowski working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Kernel Microsoft Yes CVE-2023-36803 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Streaming Service Microsoft Yes CVE-2023-36802 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 Microsoft Security Response Center Microsoft Threat Intelligence <a href="https://twitter.com/ze0rx">Guanghui Xia(@ze0r)</a> with Hebei HuaCe <a href="https://twitter.com/chompie1337">Valentina Palmiotti</a> with IBM X-Force Quan Jin(@jq0904) & ze0r with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 1.1 2023-09-19T07:00:00 <p>Added acknowledgements. This is an informational change only.</p> DHCP Server Service Information Disclosure Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> Windows DHCP Server Microsoft Yes CVE-2023-36801 Buffer Over-read 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9312 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10287 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9318 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9344 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10051 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10049 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10816 10855 5030213 5030271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030271 5029318 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22264 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030271 5030271 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9312 10287 Yes Security Only 6.0.6003.22264 https://support.microsoft.com/help/5030286 9312 10287 5030286 5030286 https://support.microsoft.com/help/5030286 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9318 9344 Yes Security Only 6.0.6003.22262 https://support.microsoft.com/help/5030286 9318 9344 5030286 5030265 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030265 5029296 10051 10049 Yes Monthly Rollup 6.1.7601.26713 https://support.microsoft.com/help/5030265 10051 10049 5030265 5030265 https://support.microsoft.com/help/5030265 10051 10049 5030261 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030261 10051 10049 Yes Security Only 6.1.7601.26713 https://support.microsoft.com/help/5030261 10051 10049 5030261 5030261 https://support.microsoft.com/help/5030261 10051 10049 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> might be helpful in your situation:</p> <p>Customers who have not installed the DHCP Server Role to their server are not affected by this vulnerability.</p> YanZiShuang@BigCJTeam of cyberkl 1.0 2023-09-12T07:00:00 <p>Information published.</p> Microsoft Office Security Feature Bypass Vulnerability <p><strong>Is the Attachment Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes. The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The attacker would be able to bypass the protection in Outlook that prevents a potentially dangerous extension from being uploaded and downloaded.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), with minor loss of integrity (I:N) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> Microsoft Office Microsoft Yes CVE-2023-36767 Improper Input Validation 11573 11574 11575 11762 11763 11951 11952 11953 10753 10754 10603 10601 10602 Security Feature Bypass 11573 Security Feature Bypass 11574 Security Feature Bypass 11575 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 11951 Security Feature Bypass 11952 Security Feature Bypass 11953 Security Feature Bypass 10753 Security Feature Bypass 10754 Security Feature Bypass 10603 Security Feature Bypass 10601 Security Feature Bypass 10602 Important 11573 Important 11574 Important 11575 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 10753 Important 10754 Important 10603 Important 10601 Important 10602 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11573 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11574 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11575 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11762 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11763 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11951 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11952 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11953 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 10753 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 10754 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 10603 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 10601 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 10602 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.77.23091003 https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Release Notes 5002457 https://www.microsoft.com/download/details.aspx?familyid=d9e2a1b7-ec5b-4843-98e1-d67581c252e9 5002419 10753 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002457 10753 5002457 5002457 https://www.microsoft.com/download/details.aspx?familyid=3f90655f-5490-483e-a6cc-2ac8e8a47fa7 5002419 10754 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002457 10754 5002457 5002477 5002439 10603 Maybe Security Update 15.0.5589.1000 https://support.microsoft.com/help/5002477 10603 5002477 5002477 https://www.microsoft.com/download/details.aspx?familyid=d23ec7ea-1e1f-46e0-8f18-802df462ed14 5002439 10601 Maybe Security Update 15.0.5589.1000 https://support.microsoft.com/help/5002477 10601 5002477 5002477 https://www.microsoft.com/download/details.aspx?familyid=a6f71299-e20a-434e-84b2-28bfe10beaeb 5002439 10602 Maybe Security Update 15.0.5589.1000 https://support.microsoft.com/help/5002477 10602 5002477 Anonymous 1.0 2023-09-12T07:00:00 <p>Information published.</p> Microsoft Excel Information Disclosure Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?</strong></p> <p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer which could leak data.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> Microsoft Office Excel Microsoft Yes CVE-2023-36766 Out-of-bounds Read 11573 11574 11575 11605 11762 11763 11951 11952 11953 10739 10740 10656 10654 10655 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11575 Information Disclosure 11605 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 10739 Information Disclosure 10740 Information Disclosure 10656 Information Disclosure 10654 Information Disclosure 10655 Important 11573 Important 11574 Important 11575 Important 11605 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 10739 Important 10740 Important 10656 Important 10654 Important 10655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11605 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10656 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10654 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10655 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.77.23091003 https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Release Notes 5002470 https://www.microsoft.com/download/details.aspx?familyid=4a7f48b2-1e91-4202-a941-a7b5ac30728a 5002435 11605 Maybe Security Update 16.0.10402.20000 https://support.microsoft.com/help/5002470 11605 5002470 5002496 https://www.microsoft.com/download/details.aspx?familyid=3a0fc2c5-86d0-4c88-a1a6-d4e137779cb2 5002463 10739 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002496 10739 5002496 5002496 https://www.microsoft.com/download/details.aspx?familyid=9185ae15-6f95-4b15-b172-92bb529c3b92 5002463 10740 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002496 10740 5002496 5002488 5002451 10656 Maybe Security Update 15.0.5589.1000 https://support.microsoft.com/help/5002488 10656 5002488 5002488 https://www.microsoft.com/download/details.aspx?familyid=53f7bf82-565c-4ca4-9dfb-a04d4dde2894 5002451 10654 Maybe Security Update 15.0.5589.1000 https://support.microsoft.com/help/5002488 10654 5002488 5002488 https://www.microsoft.com/download/details.aspx?familyid=6e136428-1828-4805-bb2a-4983b33eef6e 5002451 10655 Maybe Security Update 15.0.5589.1000 https://support.microsoft.com/help/5002488 10655 5002488 <a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> with <a href="https://tecsecurity.io/">TecSecurity</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Microsoft Office Elevation of Privilege Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Office Microsoft Yes CVE-2023-36765 11573 11574 Elevation of Privilege 11573 Elevation of Privilege 11574 Important 11573 Important 11574 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 Click to Run 11573 11574 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 Click to Run Luke Papandrea, Microsoft Corporation 1.0 2023-09-12T07:00:00 <p>Information published.</p> Visual Studio Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker must send the victim a malicious file and convince them to open it.</p> Visual Studio Microsoft Yes CVE-2023-36759 Untrusted Pointer Dereference 12051 11935 12129 12222 12187 Elevation of Privilege 12051 Elevation of Privilege 11935 Elevation of Privilege 12129 Elevation of Privilege 12222 Elevation of Privilege 12187 Important 12051 Important 11935 Important 12129 Important 12222 Important 12187 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12222 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.19 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.30 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.11 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.7 12222 Maybe Security Update 17.7.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12222 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.7 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes <a href="https://github.com/zeze-zeze">Zeze</a> with <a href="https://teamt5.org/tw/">TeamT5</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Visual Studio Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> Visual Studio Microsoft Yes CVE-2023-36758 Improper Link Resolution Before File Access ('Link Following') 12222 Elevation of Privilege 12222 Important 12222 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12222 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.7 12222 Maybe Security Update 17.7.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12222 Release Notes Siemens AG Anonymous Angel Palomo of ING 1.0 2023-09-12T07:00:00 <p>Information published.</p> Microsoft Exchange Server Spoofing Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.</p> <p><strong>What updates do I need to install to be protected from this vulnerability?</strong></p> <p>Customers need to install the August 2023 Exchange security updates which are listed in the Security Updates table. Customers who have already August 2023 security updates are already protected from this vulnerability.</p> <p><strong>Is there more information available?</strong></p> <p>Yes, please see <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/september-2023-release-of-new-exchange-server-cves-resolved-by/ba-p/3924063">September 2023 release of new Exchange Server CVEs</a> for more information.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-36757 Deserialization of Untrusted Data 12039 12038 12191 Spoofing 12039 Spoofing 12038 Spoofing 12191 Important 12039 Important 12038 Important 12191 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12191 5030524 https://www.microsoft.com/download/details.aspx?familyid=026d6264-dc26-4482-aad7-c7f8e250e872 5025903 12039 Yes Security Update 15.01.2507.032 https://support.microsoft.com/help/5030524 12039 5030524 5030524 https://www.microsoft.com/download/details.aspx?familyid=5ffd5bed-1305-4505-b21a-caf4913d03da 5026261 12038 Yes Security Update 15.02.1118.037 https://support.microsoft.com/help/5030524 12038 5030524 5030524 https://www.microsoft.com/download/details.aspx?familyid=593a50a5-595a-43b4-a258-2c97a910b87f 5026261 12191 Yes Security Update 15.02.1258.025 https://support.microsoft.com/help/5030524 12191 5030524 Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative 1.0 2023-09-12T07:00:00 <p>Information published. This CVE was addressed by updates that were released in August 2023, but the CVE was inadvertently omitted from the August 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Microsoft Exchange Server install the August 2023 updates to be protected from this vulnerability.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In a network-based attack, an attacker could trigger malicious code in the context of the server's account through a network call.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.</p> <p><strong>What updates do I need to install to be protected from this vulnerability?</strong></p> <p>Customers need to install the August 2023 Exchange security updates which are listed in the Security Updates table. Customers who have already August 2023 security updates are already protected from this vulnerability.</p> <p><strong>Is there more information available?</strong></p> <p>Yes, please see <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/september-2023-release-of-new-exchange-server-cves-resolved-by/ba-p/3924063">September 2023 release of new Exchange Server CVEs</a> for more information.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-36756 Deserialization of Untrusted Data 12039 12191 12038 Remote Code Execution 12039 Remote Code Execution 12191 Remote Code Execution 12038 Important 12039 Important 12191 Important 12038 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12191 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 5030524 https://www.microsoft.com/download/details.aspx?familyid=026d6264-dc26-4482-aad7-c7f8e250e872 5025903 12039 Yes Security Update 15.01.2507.032 https://support.microsoft.com/help/5030524 12039 5030524 5030524 https://www.microsoft.com/download/details.aspx?familyid=593a50a5-595a-43b4-a258-2c97a910b87f 5026261 12191 Yes Security Update 15.02.1258.025 https://support.microsoft.com/help/5030524 12191 5030524 5030524 https://www.microsoft.com/download/details.aspx?familyid=5ffd5bed-1305-4505-b21a-caf4913d03da 5026261 12038 Yes Security Update 15.02.1118.037 https://support.microsoft.com/help/5030524 12038 5030524 Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative 1.0 2023-09-12T07:00:00 <p>Information published. This CVE was addressed by updates that were released in August 2023, but the CVE was inadvertently omitted from the August 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Microsoft Exchange Server install the August 2023 updates to be protected from this vulnerability.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by leveraging the known (Type 4) UnitySerializationHolder gadget through a deserialization of untrusted data. Exploitation of this vulnerability requires that a user gain LAN-access as well as obtain credentials for a valid Exchange user.</p> <p><strong>What updates do I need to install to be protected from this vulnerability?</strong></p> <p>Customers need to install the August 2023 Exchange security updates which are listed in the Security Updates table. Customers who have already August 2023 security updates are already protected from this vulnerability.</p> <p><strong>Is there more information available?</strong></p> <p>Yes, please see <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/september-2023-release-of-new-exchange-server-cves-resolved-by/ba-p/3924063">September 2023 release of new Exchange Server CVEs</a> for more information.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-36745 Deserialization of Untrusted Data 12191 12038 12039 Remote Code Execution 12191 Remote Code Execution 12038 Remote Code Execution 12039 Important 12191 Important 12038 Important 12039 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12191 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 5030524 https://www.microsoft.com/download/details.aspx?familyid=593a50a5-595a-43b4-a258-2c97a910b87f 5026261 12191 Yes Security Update 15.02.1258.025 https://support.microsoft.com/help/5030524 12191 5030524 5030524 https://www.microsoft.com/download/details.aspx?familyid=5ffd5bed-1305-4505-b21a-caf4913d03da 5026261 12038 Yes Security Update 15.02.1118.037 https://support.microsoft.com/help/5030524 12038 5030524 5030524 https://www.microsoft.com/download/details.aspx?familyid=026d6264-dc26-4482-aad7-c7f8e250e872 5025903 12039 Yes Security Update 15.01.2507.032 https://support.microsoft.com/help/5030524 12039 5030524 Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative 1.0 2023-09-12T07:00:00 <p>Information published. This CVE was addressed by updates that were released in August 2023, but the CVE was inadvertently omitted from the August 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Microsoft Exchange Server install the August 2023 updates to be protected from this vulnerability.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In a network-based attack, an attacker could trigger malicious code in the context of the server's account through a network call.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.</p> <p><strong>What updates do I need to install to be protected from this vulnerability?</strong></p> <p>Customers need to install the August 2023 Exchange security updates which are listed in the Security Updates table. Customers who have already August 2023 security updates are already protected from this vulnerability.</p> <p><strong>Is there more information available?</strong></p> <p>Yes, please see <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/september-2023-release-of-new-exchange-server-cves-resolved-by/ba-p/3924063">September 2023 release of new Exchange Server CVEs</a> for more information.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-36744 Deserialization of Untrusted Data 12038 12039 12191 Remote Code Execution 12038 Remote Code Execution 12039 Remote Code Execution 12191 Important 12038 Important 12039 Important 12191 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12191 5030524 https://www.microsoft.com/download/details.aspx?familyid=5ffd5bed-1305-4505-b21a-caf4913d03da 5026261 12038 Yes Security Update 15.02.1118.037 https://support.microsoft.com/help/5030524 12038 5030524 5030524 https://www.microsoft.com/download/details.aspx?familyid=026d6264-dc26-4482-aad7-c7f8e250e872 5025903 12039 Yes Security Update 15.01.2507.032 https://support.microsoft.com/help/5030524 12039 5030524 5030524 https://www.microsoft.com/download/details.aspx?familyid=593a50a5-595a-43b4-a258-2c97a910b87f 5026261 12191 Yes Security Update 15.02.1258.025 https://support.microsoft.com/help/5030524 12191 5030524 Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative 1.0 2023-09-12T07:00:00 <p>Information published. This CVE was addressed by updates that were released in August 2023, but the CVE was inadvertently omitted from the August 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Microsoft Exchange Server install the August 2023 updates to be protected from this vulnerability.</p> Visual Studio Code Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to open in VS Code a malicious folder that was shared with them.</p> Visual Studio Code Microsoft Yes CVE-2023-36742 11622 Remote Code Execution 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/Download 11622 Maybe Security Update 1.82.1 https://code.visualstudio.com/updates/v1_82 11622 Release Notes <a href="https://infosec.exchange/@swapgs">Thomas Chauchefoin</a> with <a href="https://www.sonarsource.com/">Sonar</a> <a href="https://twitter.com/pspaul95">Paul Gerste</a> with <a href="https://sonarsource.com/">Sonar</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability <p><strong>Why is this Electron CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Electron software which is consumed by Visual Studio Code. It is being documented in the Security Update Guide to announce that the latest build of Visual Studio Code is no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio Code Electron Yes CVE-2023-39956 11622 Remote Code Execution 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Release Notes https://code.visualstudio.com/Download 11622 Maybe Security Update 1.81.2 https://code.visualstudio.com/updates/v1_81 11622 Release Notes Simon Siefke 1.0 2023-09-12T07:00:00 <p>Information published.</p> Microsoft Identity Linux Broker Remote Code Execution Vulnerability <p><strong>How is the protection from this vulnerability applied?</strong></p> <p>Microsoft Identity Linux Broker allows users with a Linux device support for bring your own device (BYOD) in an Azure AD environment. To be protected from this vulnerability you need to run the following command on the ubuntu machines:</p> <p><code>$ sudo apt update &amp;&amp; sudo apt upgrade -y</code></p> <p>This will pull and update the released packages.</p> <p>You can find the packages here:</p> <ul> <li>Ubuntu 20.04 : <a href="https://packages.microsoft.com/ubuntu/20.04/prod/pool/main/m/microsoft-identity-broker/">Index of /ubuntu/20.04/prod/pool/main/m/microsoft-identity-broker</a></li> <li>Ubuntu 22.04: <a href="https://packages.microsoft.com/ubuntu/22.04/prod/pool/main/m/microsoft-identity-broker/">Index of /ubuntu/22.04/prod/pool/main/m/microsoft-identity-broker</a></li> </ul> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, Confidentiality, and Integrity are Low (CI:L). What does that mean for this vulnerability?</strong></p> <p>An attacker is only able to compromise files that they were allowed access to as part of their initial privilege. Any encrypted data will still be protected since the attacker doesn't have access to the Device Broker encryption key as part of this vulnerability.</p> Microsoft Identity Linux Broker Microsoft Yes CVE-2023-36736 Deserialization of Untrusted Data 12225 Remote Code Execution 12225 Important 12225 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 12225 Information https://packages.microsoft.com/ubuntu/20.04/prod/pool/main/m/microsoft-identity-broker/ 12225 Maybe Security Update 1.6.1 https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-device-registration 12225 Information Information https://packages.microsoft.com/ubuntu/22.04/prod/pool/main/m/microsoft-identity-broker/ 12225 Maybe Security Update 1.6.1 https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-device-registration 12225 Information <a href="https://social.memes.nz/@jamie">Jamie McClymont</a> with <a href="https://cybercx.co.nz/">CyberCX</a> Rhys Davies with <a href="https://cybercx.co.nz/">CyberCX</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 1.1 2023-09-14T07:00:00 <p>Updated links to security updates. This is an informational change only.</p> Microsoft Office Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) but no privileges are required (PR:N) and user interaction is required (UI:R). How could an attacker exploit this spoofing vulnerability?</strong></p> <p>The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H)? What does that mean for this vulnerability?</strong></p> <p>The vulnerability could allow an unauthenticated attacker to insert malicious content into a document which then passes the authentication check when a partial signature is present.</p> Microsoft Office Microsoft Yes CVE-2023-41764 Improper Verification of Cryptographic Signature 11573 11574 11762 11763 11952 11953 10753 10754 10603 10601 10602 Spoofing 11573 Spoofing 11574 Spoofing 11762 Spoofing 11763 Spoofing 11952 Spoofing 11953 Spoofing 10753 Spoofing 10754 Spoofing 10603 Spoofing 10601 Spoofing 10602 Moderate 11573 Moderate 11574 Moderate 11762 Moderate 11763 Moderate 11952 Moderate 11953 Moderate 10753 Moderate 10754 Moderate 10603 Moderate 10601 Moderate 10602 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11953 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10753 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10754 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10603 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10601 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10602 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002457 https://www.microsoft.com/download/details.aspx?familyid=d9e2a1b7-ec5b-4843-98e1-d67581c252e9 5002419 10753 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002457 10753 5002457 5002498 https://www.microsoft.com/download/details.aspx?familyid=20d66360-1c44-4ff5-a935-5e0f0266e5ed 5002465 10753 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002498 10753 5002498 5002100 https://www.microsoft.com/download/details.aspx?familyid=d46154d2-605c-40c0-ba57-b502f8d9bc29 4486670 10753 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002100 10753 5002100 5002457 https://www.microsoft.com/download/details.aspx?familyid=3f90655f-5490-483e-a6cc-2ac8e8a47fa7 5002419 10754 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002457 10754 5002457 5002498 https://www.microsoft.com/download/details.aspx?familyid=b125ec57-5517-4077-9a26-fa49e0f38596 5002465 10754 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002498 10754 5002498 5002100 https://www.microsoft.com/download/details.aspx?familyid=3502018b-5ab4-4b56-b551-d6329e636759 4486670 10754 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002100 10754 5002100 5002477 5002439 10603 Maybe Security Update 15.0.5589.1000 https://support.microsoft.com/help/5002477 10603 5002477 5002477 https://www.microsoft.com/download/details.aspx?familyid=d23ec7ea-1e1f-46e0-8f18-802df462ed14 5002439 10601 Maybe Security Update 15.0.5589.1000 https://support.microsoft.com/help/5002477 10601 5002477 5002477 https://www.microsoft.com/download/details.aspx?familyid=a6f71299-e20a-434e-84b2-28bfe10beaeb 5002439 10602 Maybe Security Update 15.0.5589.1000 https://support.microsoft.com/help/5002477 10602 5002477 Simon Rohlmann, Vladislav Mladenov, Christian Mainka and Jörg Schwenk with <a href="https://informatik.rub.de/nds/">Ruhr University Bochum</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Chromium: CVE-2023-4764 Incorrect security UI in BFCache <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>116.0.1938.xxx</td> <td>9/7/2023</td> <td>116.0.5845.179/.180</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4764 11655 11655 11655 Release Notes 11655 No Security Update 116.0.1938.76 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-07T16:03:45 <p>Information published.</p> Chromium: CVE-2023-4763 Use after free in Networks <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>116.0.1938.xxx</td> <td>9/7/2023</td> <td>116.0.5845.179/.180</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4763 11655 11655 11655 Release Notes 11655 No Security Update 116.0.1938.76 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-07T16:03:41 <p>Information published.</p> Chromium: CVE-2023-4762 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>116.0.1938.xxx</td> <td>9/7/2023</td> <td>116.0.5845.179/.180</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4762 11655 11655 11655 Release Notes 11655 No Security Update 116.0.1938.76 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-07T16:03:38 <p>Information published.</p> Chromium: CVE-2023-4761 Out of bounds memory access in FedCM <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>116.0.1938.xxx</td> <td>9/7/2023</td> <td>116.0.5845.179/.180</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4761 11655 11655 11655 Release Notes 11655 No Security Update 116.0.1938.76 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-07T16:03:32 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36562 Use After Free 11655 Elevation of Privilege 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Anonymous 1.0 2023-09-15T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could allow the attacker to gain the privileges needed to perform code execution.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36735 Use After Free 11655 Elevation of Privilege 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Anonymous 1.0 2023-09-15T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36727 11655 Spoofing 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://twitter.com/shhnjk">Jun Kokatsu</a> 1.0 2023-09-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-4909 Inappropriate implementation in Interstitials <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4909 11655 11655 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-4908 Inappropriate implementation in Picture in Picture <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4908 11655 11655 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-4907 Inappropriate implementation in Intents <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4907 11655 11655 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-4906 Insufficient policy enforcement in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4906 11655 11655 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-4905 Inappropriate implementation in Prompts <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4905 11655 11655 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-4904 Insufficient policy enforcement in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4904 11655 11655 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-4903 Inappropriate implementation in Custom Mobile Tabs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4903 11655 11655 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-4902 Inappropriate implementation in Input <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4902 11655 11655 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-4901 Inappropriate implementation in Prompts <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4901 11655 11655 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-4900 Inappropriate implementation in Custom Tabs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4900 11655 11655 11655 Release Notes 11655 No Security Update 117.0.2045.31 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-15T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1999 Use after free in libwebp <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>114.0.1823.67</td> <td>6/29/2023</td> <td>114.0.5735.198/199</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1999 11655 11655 11655 Release Notes 11655 No Security Update 113.0.1774.35 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-29T16:24:23 <p>Information published.</p> Chromium: CVE-2023-5186 Use after free in Passwords <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.47</td> <td>117.0.5938.132</td> <td>9/29/2023</td> </tr> <tr> <td>Extended Stable</td> <td>116.0.1938.98</td> <td>116.0.5845.229</td> <td>9/27/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5186 11655 11655 11655 Release Notes 11655 No Security Update 116.0.1938.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-29T16:25:22 <p>Information published.</p> Chromium: CVE-2023-5187 Use after free in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.47</td> <td>117.0.5938.132</td> <td>9/29/2023</td> </tr> <tr> <td>Extended Stable</td> <td>116.0.1938.98</td> <td>116.0.5845.229</td> <td>9/27/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5187 11655 11655 11655 Release Notes 11655 No Security Update 116.0.1938.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2023-09-29T16:25:43 <p>Information published.</p> Chromium: CVE-2023-5217 Heap buffer overflow in vp8 encoding in libvpx <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p>Google is aware that an exploit for CVE-2023-5217 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>Is Microsoft Teams developing an update to address CVE-2023-5217?</strong></p> <p>We are aware that certain versions of Teams applications are affected by this vulnerability. Microsoft is working to identify and address this vulnerability as soon as possible. We will keep this page updated with the latest information and advice.</p> <p><strong>Is Microsoft Skype developing an update to address CVE-2023-5217?</strong></p> <p>We are aware that certain versions of Skype applications are affected by this vulnerability. Microsoft is working to identify and address this vulnerability as soon as possible. We will keep this page updated with the latest information and advice.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.47</td> <td>117.0.5938.132</td> <td>9/29/2023</td> </tr> <tr> <td>Extended Stable</td> <td>116.0.1938.98</td> <td>116.0.5845.229</td> <td>9/27/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-5217 11655 12182 12216 11655 12182 12216 11655 12182 12216 Publicly Disclosed:Yes;Exploited:Yes Release Notes 11655 No Security Update 116.0.1938.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12182 No Security Update 1.6.00.27573 https://learn.microsoft.com/en-us/officeupdates/teams-app-versioning 12182 Release Notes Release Notes 12216 No Security Update 1.6.00.27656 https://learn.microsoft.com/en-us/officeupdates/teams-app-versioning 12216 Release Notes 1.0 2023-09-29T16:24:54 <p>Information published.</p> 1.1 2023-09-30T07:00:00 <p>Updated CVE detail with information regarding other Microsoft products affected by this vulnerability. This is an informational change only.</p> 1.2 2023-10-20T07:00:00 <p>Added Teams for Windows and Teams for Mac products to the Security Updates table. This is an informational change only.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>There could be a loss of confidentiality if an unaware user clicked on a popup therefore creating an opportunity for an attacker to retrieve cookies or present the user with a dialog box to enter user credentials.</p> Microsoft Dynamics Microsoft Yes CVE-2023-36886 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 11664 Spoofing 11921 Spoofing 11664 Important 11921 Important 11664 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11664 5030608 https://www.microsoft.com/download/details.aspx?familyid=d12ebd05-1177-464e-ad78-9370e7abda09 11921 Maybe Security Update 9.1.21.05 https://support.microsoft.com/help/5030608 11921 5030608 5029396 https://www.microsoft.com/download/details.aspx?familyid=fd1aae50-1888-4e5f-b85e-bd48d3e0d267 11664 Maybe Security Update 9.0.49.04 https://support.microsoft.com/help/5029396 11664 5029396 <a href="https://batr.am/">batram</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 1.1 2023-10-17T07:00:00 <p>Added an FAQ. This is an information change only.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>There could be a loss of confidentiality if an unaware user clicked on a popup therefore creating an opportunity for an attacker to retrieve cookies or present the user with a dialog box to enter user credentials.</p> Microsoft Dynamics Microsoft Yes CVE-2023-38164 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 11664 Spoofing 11921 Spoofing 11664 Important 11921 Important 11664 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11664 5030608 https://www.microsoft.com/download/details.aspx?familyid=d12ebd05-1177-464e-ad78-9370e7abda09 11921 Maybe Security Update 9.1.21.05 https://support.microsoft.com/help/5030608 11921 5030608 5029396 https://www.microsoft.com/download/details.aspx?familyid=fd1aae50-1888-4e5f-b85e-bd48d3e0d267 11664 Maybe Security Update 9.0.49.04 https://support.microsoft.com/help/5029396 11664 5029396 <a href="https://twitter.com/norwin_boniao">Norwin Boniao</a> with <a href="https://twitter.com/norwin_boniao">https://twitter.com/norwin_boniao</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 1.1 2023-10-17T07:00:00 <p>Added an FAQ. This is an information change only.</p> Windows TCP/IP Information Disclosure Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view sensitive information (Confidentiality). While the attacker can not make changes to disclosed information (Integrity) and limit access to the resource (Availability).</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows TCP/IP Microsoft Yes CVE-2023-38160 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5030214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214 5029247 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4851 https://support.microsoft.com/help/5030214 11568 11569 11570 11571 11572 5030214 5030216 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216 5029250 11923 11924 Yes Security Update 10.0.20348.1970 https://support.microsoft.com/help/5030216 11923 11924 5030216 5030216 https://support.microsoft.com/help/5030216 11923 11924 5030325 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030325 11923 11924 Yes AzureHotpatch 10.0.20348.1964 https://support.microsoft.com/help/5030325 11923 11924 5030325 5030217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030217 5029253 11926 11927 Yes Security Update 10.0.22000.2416 https://support.microsoft.com/help/5030217 11926 11927 5030217 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 11929 11930 11931 Yes Security Update 10.0.19044.3448 https://support.microsoft.com/help/5030211 11929 11930 11931 5030211 5030219 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030219 5029263 12085 12086 Yes Security Update 10.0.22621.2283 https://support.microsoft.com/help/5030219 12085 12086 5030219 5030211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030211 5029244 12097 12098 12099 Yes Security Update 10.0.19045.3448 https://support.microsoft.com/help/5030211 12097 12098 12099 5030211 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 10729 10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 10729 10735 5030220 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 10852 10853 10816 10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 10852 10853 10816 10855 5030213 5030271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030271 5029318 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22264 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030271 5030271 https://support.microsoft.com/help/5030271 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9312 10287 Yes Security Only 6.0.6003.22264 https://support.microsoft.com/help/5030286 9312 10287 5030286 5030286 https://support.microsoft.com/help/5030286 9312 10287 9318 9344 5030286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030286 9318 9344 Yes Security Only 6.0.6003.22262 https://support.microsoft.com/help/5030286 9318 9344 5030286 5030265 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030265 5029296 10051 10049 Yes Monthly Rollup 6.1.7601.26713 https://support.microsoft.com/help/5030265 10051 10049 5030265 5030265 https://support.microsoft.com/help/5030265 10051 10049 5030261 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030261 10051 10049 Yes Security Only 6.1.7601.26713 https://support.microsoft.com/help/5030261 10051 10049 5030261 5030261 https://support.microsoft.com/help/5030261 10051 10049 5030278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030278 5029295 10378 10379 Yes Monthly Rollup 6.2.9200.24462 https://support.microsoft.com/help/5030278 10378 10379 5030278 5030279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030279 10378 10379 Yes Security Only 6.2.9200.24462 https://support.microsoft.com/help/5030279 10378 10379 5030279 5030269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030269 5029312 10483 10543 Yes Monthly Rollup 6.3.9600.21563 https://support.microsoft.com/help/5030269 10483 10543 5030269 5030287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030287 10483 10543 Yes Security Only 6.3.9600.21563 https://support.microsoft.com/help/5030287 10483 10543 5030287 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Azure DevOps Server Remote Code Execution Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> Azure DevOps Microsoft Yes CVE-2023-38155 Deserialization of Untrusted Data 11675 12189 12143 12211 12212 Elevation of Privilege 11675 Elevation of Privilege 12189 Elevation of Privilege 12143 Elevation of Privilege 12211 Elevation of Privilege 12212 Important 11675 Important 12189 Important 12143 Important 12211 Important 12212 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11675 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12189 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12143 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12211 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12212 Release Notes 11675 Maybe Security Update 20230601.3 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2019?view=azure-devops 11675 Release Notes Release Notes 12189 Maybe Security Update 20230825.4 https://learn.microsoft.com/azure/devops/server/release-notes/azuredevops2022?view=azure-devops 12189 Release Notes Release Notes 12143 Maybe Security Update 20230823.1 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020u1?view=azure-devops 12143 Release Notes Release Notes 12211 Maybe Security Update 20230825.1 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2019u1?view=azure-devops 12211 Release Notes Release Notes 12212 Maybe Security Update 20230820.2 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020?view=azure-devops 12212 Release Notes Mikhail Shcherbakov (@yu5k3) working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Dynamics Finance and Operations Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>There could be a loss of confidentiality if an unaware user clicked on a popup therefore creating an opportunity for an attacker to retrieve cookies or present the user with a dialog box to enter user credentials.</p> Microsoft Dynamics Finance & Operations Microsoft Yes CVE-2023-36800 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11786 Spoofing 11786 Important 11786 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11786 Release Notes https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/migration-upgrade/download-hotfix-lcs 11786 Maybe Security Update 10.0.1695 https://learn.microsoft.com/en-us/dynamics365/finance/get-started/whats-new-changed-10-0-36 11786 Release Notes Jordi Sastre with <a href="https://www.prodware.org/">Prodware</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 1.1 2023-09-13T07:00:00 <p>Updated links to security updates. This is an informational change only.</p> 1.2 2023-10-17T07:00:00 <p>Added an FAQ. This is an information change only.</p> .NET Core and Visual Studio Denial of Service Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious request and convince them to open it.</p> .NET Core & Visual Studio Microsoft Yes CVE-2023-36799 Uncontrolled Resource Consumption 12009 12130 12051 12129 12222 12187 11970 12131 Denial of Service 12009 Denial of Service 12130 Denial of Service 12051 Denial of Service 12129 Denial of Service 12222 Denial of Service 12187 Denial of Service 11970 Denial of Service 12131 Important 12009 Important 12130 Important 12051 Important 12129 Important 12222 Important 12187 Important 11970 Important 12131 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12009 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12130 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12129 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12222 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12187 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11970 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12131 5032874 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.24 https://support.microsoft.com/help/5032874 12009 5032874 5032875 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.13 https://support.microsoft.com/help/5032875 12130 5032875 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.21 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12222 12187 Maybe Security Update 17.6.9 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12222 12187 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/49 11970 12131 Maybe Security Update 7.2.14 https://github.com/PowerShell/Announcements/issues/49 11970 12131 Release Notes Kevin Jones, GitHub 1.0 2023-09-12T07:00:00 <p>Information published.</p> 2.0 2023-09-19T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 and PowerShell 7.3 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/49">https://github.com/PowerShell/Announcements/issues/49</a> for more information.</p> 3.0 2023-10-24T07:00:00 <p>To comprehensively address this vulnerability, Microsoft has released security updates on October 24, 2023 for all affected versions of .NET and Microsoft Visual Studio. Microsoft recommends that customers install the updates to be fully protected from the vulnerability.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.</p> .NET and Visual Studio Microsoft Yes CVE-2023-36796 Integer Underflow (Wrap or Wraparound) 12187 12222 11600 12051 11935 12129 10566 10577 12130 12009 11970 11676-11923 11650-10853 11650-10855 11650-10378 11676-11568 11676-11924 11650-10543 11650-10816 11650-10852 11676-11927 11650-10051 11676-11926 11676-11571 11676-11572 11650-10049 11676-11569 11676-12097 11650-10483 11676-11930 11676-11929 11676-12098 11676-11931 11676-12099 11650-10379 11677-11568 11677-11570 11677-11569 11723-10852 11677-11571 11677-11572 11723-10855 11723-10853 11723-10816 11863-10051 11863-10049 11863-10379 11863-10378 11863-10483 11863-10543 12079-11924 12079-11923 12079-11927 12079-11926 12079-11929 12079-12097 12079-11930 12079-12098 12079-12086 12079-11931 12079-12085 12079-12099 12115-9312 12115-10287 12128-10735 12115-9318 12115-9344 12128-10729 9292-9312 9292-9318 9195-9312 9195-9318 2472-10378 2472-10379 2472-10483 2472-10543 9495-10049 9495-10051 Remote Code Execution 12187 Remote Code Execution 12222 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 12129 Remote Code Execution 10566 Remote Code Execution 10577 Remote Code Execution 12130 Remote Code Execution 12009 Remote Code Execution 11970 Remote Code Execution 11676-11923 Remote Code Execution 11650-10853 Remote Code Execution 11650-10855 Remote Code Execution 11650-10378 Remote Code Execution 11676-11568 Remote Code Execution 11676-11924 Remote Code Execution 11650-10543 Remote Code Execution 11650-10816 Remote Code Execution 11650-10852 Remote Code Execution 11676-11927 Remote Code Execution 11650-10051 Remote Code Execution 11676-11926 Remote Code Execution 11676-11571 Remote Code Execution 11676-11572 Remote Code Execution 11650-10049 Remote Code Execution 11676-11569 Remote Code Execution 11676-12097 Remote Code Execution 11650-10483 Remote Code Execution 11676-11930 Remote Code Execution 11676-11929 Remote Code Execution 11676-12098 Remote Code Execution 11676-11931 Remote Code Execution 11676-12099 Remote Code Execution 11650-10379 Remote Code Execution 11677-11568 Remote Code Execution 11677-11570 Remote Code Execution 11677-11569 Remote Code Execution 11723-10852 Remote Code Execution 11677-11571 Remote Code Execution 11677-11572 Remote Code Execution 11723-10855 Remote Code Execution 11723-10853 Remote Code Execution 11723-10816 Remote Code Execution 11863-10051 Remote Code Execution 11863-10049 Remote Code Execution 11863-10379 Remote Code Execution 11863-10378 Remote Code Execution 11863-10483 Remote Code Execution 11863-10543 Remote Code Execution 12079-11924 Remote Code Execution 12079-11923 Remote Code Execution 12079-11927 Remote Code Execution 12079-11926 Remote Code Execution 12079-11929 Remote Code Execution 12079-12097 Remote Code Execution 12079-11930 Remote Code Execution 12079-12098 Remote Code Execution 12079-12086 Remote Code Execution 12079-11931 Remote Code Execution 12079-12085 Remote Code Execution 12079-12099 Remote Code Execution 12115-9312 Remote Code Execution 12115-10287 Remote Code Execution 12128-10735 Remote Code Execution 12115-9318 Remote Code Execution 12115-9344 Remote Code Execution 12128-10729 Remote Code Execution 9292-9312 Remote Code Execution 9292-9318 Remote Code Execution 9195-9312 Remote Code Execution 9195-9318 Remote Code Execution 2472-10378 Remote Code Execution 2472-10379 Remote Code Execution 2472-10483 Remote Code Execution 2472-10543 Remote Code Execution 9495-10049 Remote Code Execution 9495-10051 Critical 12187 Critical 12222 Critical 11600 Critical 12051 Critical 11935 Critical 12129 Critical 10566 Critical 10577 Critical 12130 Critical 12009 Important 11970 Important 11676-11923 Important 11650-10853 Important 11650-10855 Important 11650-10378 Important 11676-11568 Important 11676-11924 Important 11650-10543 Important 11650-10816 Important 11650-10852 Important 11676-11927 Important 11650-10051 Important 11676-11926 Important 11676-11571 Important 11676-11572 Important 11650-10049 Important 11676-11569 Important 11676-12097 Important 11650-10483 Important 11676-11930 Important 11676-11929 Important 11676-12098 Important 11676-11931 Important 11676-12099 Important 11650-10379 Important 11677-11568 Important 11677-11570 Important 11677-11569 Critical 11723-10852 Important 11677-11571 Important 11677-11572 Critical 11723-10855 Critical 11723-10853 Critical 11723-10816 Important 11863-10051 Important 11863-10049 Important 11863-10379 Important 11863-10378 Important 11863-10483 Important 11863-10543 Important 12079-11924 Important 12079-11923 Important 12079-11927 Important 12079-11926 Important 12079-11929 Important 12079-12097 Important 12079-11930 Important 12079-12098 Important 12079-12086 Important 12079-11931 Important 12079-12085 Important 12079-12099 Important 12115-9312 Important 12115-10287 Critical 12128-10735 Important 12115-9318 Important 12115-9344 Critical 12128-10729 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10049 Important 9495-10051 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12222 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10566 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10577 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12130 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12009 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11970 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10051 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.9 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.7 12222 Maybe Security Update 17.7.6 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12222 Release Notes Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.57 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.21 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.30 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes 5029365 https://aka.ms/vs/12/release/5029365 10566 Maybe Security Update 12.0.40707.0 https://support.microsoft.com/help/5029365 10566 5029365 5029365 https://support.microsoft.com/help/5029365 10566 5029366 https://aka.ms/vs/14/release/5029366 10577 Maybe Security Update 14.0.27559.0 https://support.microsoft.com/help/5029366 10577 5029366 5029366 https://support.microsoft.com/help/5029366 10577 5032875 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.13 https://support.microsoft.com/help/5032875 12130 5032875 5032874 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.24 https://support.microsoft.com/help/5032874 12009 5032874 Release Notes https://github.com/PowerShell/Announcements/issues/50 11970 Maybe Security Update 7.2.12 https://github.com/PowerShell/Announcements/issues/50 11970 Release Notes 5030186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029928 5029655 11676-11923 11676-11924 Maybe Security Update 4.8.04667.03 https://support.microsoft.com/help/5030186 11676-11923 11676-11924 5030186 5029924 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029924 5028952 11650-10853 11650-10855 11650-10816 11650-10852 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5029924 11650-10853 11650-10855 11650-10816 11650-10852 5029924 5030183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029927 5029652 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.04667.02 https://support.microsoft.com/help/5030183 11650-10378 11650-10379 5030183 5030178 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029925 5029647 11676-11568 11676-11571 11676-11572 11676-11569 Maybe Security Update 4.8.04667.03 https://support.microsoft.com/help/5030178 11676-11568 11676-11571 11676-11572 11676-11569 5030178 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029917 5029653 11650-10543 11650-10483 Maybe Monthly Rollup 4.8.04667.02 https://support.microsoft.com/help/5030184 11650-10543 11650-10483 5030184 5030181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029926 5029650 11676-11927 11676-11926 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030181 11676-11927 11676-11926 5030181 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029929 5029651 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.04667.02 https://support.microsoft.com/help/5030182 11650-10051 11650-10049 5030182 5030180 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029923 5029649 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030180 11676-12097 11676-12098 11676-12099 5030180 5030179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029923 5029648 11676-11930 11676-11929 11676-11931 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030179 11676-11930 11676-11929 11676-11931 5030179 5030178 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029931 5029647 11677-11568 11677-11570 11677-11569 11677-11571 11677-11572 Maybe Security Update 4.7.04063.05 https://support.microsoft.com/help/5030178 11677-11568 11677-11570 11677-11569 11677-11571 11677-11572 5030178 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 11723-10852 11723-10855 11723-10853 11723-10816 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 11723-10852 11723-10855 11723-10853 11723-10816 5030213 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029933 5029651 11863-10051 11863-10049 Maybe Monthly Rollup 4.7.04063.01 https://support.microsoft.com/help/5030182 11863-10051 11863-10049 5030182 5030183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029932 5029652 11863-10379 11863-10378 Maybe Monthly Rollup 4.7.04063.02 https://support.microsoft.com/help/5030183 11863-10379 11863-10378 5030183 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029916 5029653 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.04063.02 https://support.microsoft.com/help/5030184 11863-10483 11863-10543 5030184 5030186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029922 5029655 12079-11924 12079-11923 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030186 12079-11924 12079-11923 5030186 5030181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029920 5029650 12079-11927 12079-11926 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030181 12079-11927 12079-11926 5030181 5030179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029919 5029648 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030179 12079-11929 12079-11930 12079-11931 5030179 5030180 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029919 5029649 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030180 12079-12097 12079-12098 12079-12099 5030180 5031217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029921 5028948 12079-12086 12079-12085 Maybe Security Update 4.8.09186.0 https://support.microsoft.com/help/5031217 12079-12086 12079-12085 5031217 5030185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029933 5029654 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.04063.01 https://support.microsoft.com/help/5030185 12115-9312 12115-10287 12115-9318 12115-9344 5030185 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 12128-10735 12128-10729 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 12128-10735 12128-10729 5030220 5030185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029937 5029654 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030185 9292-9312 9292-9318 9195-9312 9195-9318 5030185 5030183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030160 5029652 2472-10378 2472-10379 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030183 2472-10378 2472-10379 5030183 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029915 5029653 2472-10483 2472-10543 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030184 2472-10483 2472-10543 5030184 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029938 5029651 9495-10049 9495-10051 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030182 9495-10049 9495-10051 5030182 goodbyeselene goodbyeselene 5.4 2023-12-12T08:00:00 <p>Microsoft is rereleasing KB5029365 to address the following known issue: Customers who are using Microsoft Visual Studio 2013 Update 5 might receive a &quot;C2471&quot; error after attempting to compile a build that has precompiled headers (PCH) that use the /Gm and /ZI (Edit and Continue) switches. Microsoft recommends that customers install the update and remove any workarounds that were applied. For more information see <a href="https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-the-remote-code-execution-vulnerability-in-microsoft-visual-studio-2013-update-5-october-10-2023-kb5029365-eb9e61cd-c7d3-4235-b268-b099d5f748dc">KB5029365</a>.</p> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 2.0 2023-09-20T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/50">https://github.com/PowerShell/Announcements/issues/50</a> for more information.</p> 2.1 2023-09-26T07:00:00 <p>In the Security Update table, corrected Article links for Microsoft .NET Framework 3.5 AND 4.8.1 installed on Windows 11 Version 22H2 for x64-based Systems and Windows 11 Version 22H2 for ARM64-based Systems. This is an informational change only.</p> 3.0 2023-10-10T07:00:00 <p>In the Security Updates table, added Microsoft Visual Studio 2013 Update 5 and Visual Studio 2015 Update 3 as these versions of Visual Studio are also affected by the vulnerability. Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability.</p> 4.0 2023-10-24T07:00:00 <p>To comprehensively address this vulnerability, Microsoft has released security updates on October 24, 2023 for all affected versions of .NET and Microsoft Visual Studio. Microsoft recommends that customers install the updates to be fully protected from the vulnerability.</p> 5.0 2023-10-24T07:00:00 <p>In the Security Updates table, added .NET Framework 3.5 and 4.6.2 installed on Windows 10 for 32-bit systems and Windows 10 for x64-based systems; added .NET Framework 3.5 and 4.6.2/4.7./4.7.1/4.7.2 installed on all supported editions of Windows 10 version 1607 and Windows Server 2016 as these versions of .NET Framework are affected by this vulnerability. Microsoft recommends that customers install the September 2023 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 5.1 2023-11-02T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 5.2 2023-11-14T08:00:00 <p>Microsoft is rereleasing KB5029366 to address the following known issue: Customers who are using Microsoft Visual Studio 2015 Update 3 might receive a &quot;C2471&quot; error after attempting to compile a build that has precompiled headers (PCH) that use the /Gm and /ZI (Edit and Continue) switches. Microsoft recommends that customers install the update and remove any workarounds that were applied. For more information see <a href="https://support.microsoft.com/en-gb/topic/description-of-the-security-update-for-the-remote-code-execution-vulnerability-in-microsoft-visual-studio-2015-update-3-october-10-2023-kb5029366-7b4ac004-f805-4799-a06b-cebc20348a79">KB5029366</a>.</p> 5.3 2023-11-21T08:00:00 <p>In the Security Updates table: 1) Corrected the Build Number for Microsoft Visual Studio 2022 version 17.7 to 17.7.6. 2) Corrected the Download and Article links for Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016. These are informational changes only. Customers who have installed the latest versions do not need to take any further action.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.</p> .NET and Visual Studio Microsoft Yes CVE-2023-36794 Integer Underflow (Wrap or Wraparound) 11600 12051 11935 12129 11970 12009 12130 12187 12222 11650-10855 11650-10816 11650-10543 11650-10379 11650-10853 11650-10852 11650-10051 11676-11927 11676-11929 11676-11926 11676-11930 11676-12098 11676-12099 11676-11931 11677-11569 11677-11568 11677-11570 11677-11571 11677-11572 11676-12097 11676-11569 11650-10049 11723-10853 11723-10852 11650-10378 11723-10816 11723-10855 11650-10483 11863-10051 11863-10049 11863-10378 11863-10483 11863-10379 11863-10543 12079-11923 12079-11924 12079-11926 12079-11927 12079-11930 11676-11572 12079-11929 12079-12085 12079-11931 12079-12097 12079-12086 12079-12098 12079-12099 12115-9312 12115-10287 12115-9344 12115-9318 12128-10735 12128-10729 9195-9312 9292-9312 9292-9318 9195-9318 2472-10378 2472-10483 2472-10379 2472-10543 9495-10051 9495-10049 11676-11568 11676-11571 11676-11923 11676-11924 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 12129 Remote Code Execution 11970 Remote Code Execution 12009 Remote Code Execution 12130 Remote Code Execution 12187 Remote Code Execution 12222 Remote Code Execution 11650-10855 Remote Code Execution 11650-10816 Remote Code Execution 11650-10543 Remote Code Execution 11650-10379 Remote Code Execution 11650-10853 Remote Code Execution 11650-10852 Remote Code Execution 11650-10051 Remote Code Execution 11676-11927 Remote Code Execution 11676-11929 Remote Code Execution 11676-11926 Remote Code Execution 11676-11930 Remote Code Execution 11676-12098 Remote Code Execution 11676-12099 Remote Code Execution 11676-11931 Remote Code Execution 11677-11569 Remote Code Execution 11677-11568 Remote Code Execution 11677-11570 Remote Code Execution 11677-11571 Remote Code Execution 11677-11572 Remote Code Execution 11676-12097 Remote Code Execution 11676-11569 Remote Code Execution 11650-10049 Remote Code Execution 11723-10853 Remote Code Execution 11723-10852 Remote Code Execution 11650-10378 Remote Code Execution 11723-10816 Remote Code Execution 11723-10855 Remote Code Execution 11650-10483 Remote Code Execution 11863-10051 Remote Code Execution 11863-10049 Remote Code Execution 11863-10378 Remote Code Execution 11863-10483 Remote Code Execution 11863-10379 Remote Code Execution 11863-10543 Remote Code Execution 12079-11923 Remote Code Execution 12079-11924 Remote Code Execution 12079-11926 Remote Code Execution 12079-11927 Remote Code Execution 12079-11930 Remote Code Execution 11676-11572 Remote Code Execution 12079-11929 Remote Code Execution 12079-12085 Remote Code Execution 12079-11931 Remote Code Execution 12079-12097 Remote Code Execution 12079-12086 Remote Code Execution 12079-12098 Remote Code Execution 12079-12099 Remote Code Execution 12115-9312 Remote Code Execution 12115-10287 Remote Code Execution 12115-9344 Remote Code Execution 12115-9318 Remote Code Execution 12128-10735 Remote Code Execution 12128-10729 Remote Code Execution 9195-9312 Remote Code Execution 9292-9312 Remote Code Execution 9292-9318 Remote Code Execution 9195-9318 Remote Code Execution 2472-10378 Remote Code Execution 2472-10483 Remote Code Execution 2472-10379 Remote Code Execution 2472-10543 Remote Code Execution 9495-10051 Remote Code Execution 9495-10049 Remote Code Execution 11676-11568 Remote Code Execution 11676-11571 Remote Code Execution 11676-11923 Remote Code Execution 11676-11924 Important 11600 Important 12051 Important 11935 Important 12129 Important 11970 Important 12009 Important 12130 Important 12187 Important 12222 Important 11650-10855 Important 11650-10816 Important 11650-10543 Important 11650-10379 Important 11650-10853 Important 11650-10852 Important 11650-10051 Important 11676-11927 Important 11676-11929 Important 11676-11926 Important 11676-11930 Important 11676-12098 Important 11676-12099 Important 11676-11931 Important 11677-11569 Important 11677-11568 Important 11677-11570 Important 11677-11571 Important 11677-11572 Important 11676-12097 Important 11676-11569 Important 11650-10049 Important 11723-10853 Important 11723-10852 Important 11650-10378 Important 11723-10816 Important 11723-10855 Important 11650-10483 Important 11863-10051 Important 11863-10049 Important 11863-10378 Important 11863-10483 Important 11863-10379 Important 11863-10543 Important 12079-11923 Important 12079-11924 Important 12079-11926 Important 12079-11927 Important 12079-11930 Important 11676-11572 Important 12079-11929 Important 12079-12085 Important 12079-11931 Important 12079-12097 Important 12079-12086 Important 12079-12098 Important 12079-12099 Important 12115-9312 Important 12115-10287 Important 12115-9344 Important 12115-9318 Important 12128-10735 Important 12128-10729 Important 9195-9312 Important 9292-9312 Important 9292-9318 Important 9195-9318 Important 2472-10378 Important 2472-10483 Important 2472-10379 Important 2472-10543 Important 9495-10051 Important 9495-10049 Important 11676-11568 Important 11676-11571 Important 11676-11923 Important 11676-11924 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11970 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12009 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12130 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12222 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.57 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.21 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.30 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/50 11970 Maybe Security Update 7.2.12 https://github.com/PowerShell/Announcements/issues/50 11970 Release Notes 5032874 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.24 https://support.microsoft.com/help/5032874 12009 5032874 5032875 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.13 https://support.microsoft.com/help/5032875 12130 5032875 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 12222 Maybe Security Update 17.6.9 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 12222 Release Notes 5029924 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029924 5028952 11650-10855 11650-10816 11650-10853 11650-10852 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5029924 11650-10855 11650-10816 11650-10853 11650-10852 5029924 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029917 5029653 11650-10543 11650-10483 Maybe Monthly Rollup 4.8.04667.02 https://support.microsoft.com/help/5030184 11650-10543 11650-10483 5030184 5030183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029927 5029652 11650-10379 11650-10378 Maybe Monthly Rollup 4.8.04667.02 https://support.microsoft.com/help/5030183 11650-10379 11650-10378 5030183 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029929 5029651 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.04667.02 https://support.microsoft.com/help/5030182 11650-10051 11650-10049 5030182 5030181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029926 5029650 11676-11927 11676-11926 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030181 11676-11927 11676-11926 5030181 5030179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029923 5029648 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030179 11676-11929 11676-11930 11676-11931 5030179 5030180 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029923 5029649 11676-12098 11676-12099 11676-12097 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030180 11676-12098 11676-12099 11676-12097 5030180 5030178 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029931 5029647 11677-11569 11677-11568 11677-11570 11677-11571 11677-11572 Maybe Security Update 4.7.04063.05 https://support.microsoft.com/help/5030178 11677-11569 11677-11568 11677-11570 11677-11571 11677-11572 5030178 5030178 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029925 5029647 11676-11569 11676-11572 11676-11568 11676-11571 Maybe Security Update 4.8.04667.03 https://support.microsoft.com/help/5030178 11676-11569 11676-11572 11676-11568 11676-11571 5030178 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 11723-10853 11723-10852 11723-10816 11723-10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 11723-10853 11723-10852 11723-10816 11723-10855 5030213 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029933 5029651 11863-10051 11863-10049 Maybe Monthly Rollup 4.7.04063.01 https://support.microsoft.com/help/5030182 11863-10051 11863-10049 5030182 5030183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029932 5029652 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.04063.02 https://support.microsoft.com/help/5030183 11863-10378 11863-10379 5030183 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029916 5029653 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.04063.02 https://support.microsoft.com/help/5030184 11863-10483 11863-10543 5030184 5030186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029922 5029655 12079-11923 12079-11924 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030186 12079-11923 12079-11924 5030186 5030181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029920 5029650 12079-11926 12079-11927 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030181 12079-11926 12079-11927 5030181 5030179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029919 5029648 12079-11930 12079-11929 12079-11931 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030179 12079-11930 12079-11929 12079-11931 5030179 5031217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029921 5028948 12079-12085 12079-12086 Maybe Security Update 4.8.09186.0 https://support.microsoft.com/help/5031217 12079-12085 12079-12086 5031217 5030180 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029919 5029649 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030180 12079-12097 12079-12098 12079-12099 5030180 5030185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029933 5029654 12115-9312 12115-10287 12115-9344 12115-9318 Maybe Monthly Rollup 4.7.04063.01 https://support.microsoft.com/help/5030185 12115-9312 12115-10287 12115-9344 12115-9318 5030185 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 12128-10735 12128-10729 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 12128-10735 12128-10729 5030220 5030185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029937 5029654 9195-9312 9292-9312 9292-9318 9195-9318 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030185 9195-9312 9292-9312 9292-9318 9195-9318 5030185 5030183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030160 5029652 2472-10378 2472-10379 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030183 2472-10378 2472-10379 5030183 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029915 5029653 2472-10483 2472-10543 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030184 2472-10483 2472-10543 5030184 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029938 5029651 9495-10051 9495-10049 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030182 9495-10051 9495-10049 5030182 5030186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029928 5029655 11676-11923 11676-11924 Maybe Security Update 4.8.04667.03 https://support.microsoft.com/help/5030186 11676-11923 11676-11924 5030186 goodbyeselene goodbyeselene 5.3 2023-12-12T08:00:00 <p>Microsoft is rereleasing KB5029365 to address the following known issue: Customers who are using Microsoft Visual Studio 2013 Update 5 might receive a &quot;C2471&quot; error after attempting to compile a build that has precompiled headers (PCH) that use the /Gm and /ZI (Edit and Continue) switches. Microsoft recommends that customers install the update and remove any workarounds that were applied. For more information see <a href="https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-the-remote-code-execution-vulnerability-in-microsoft-visual-studio-2013-update-5-october-10-2023-kb5029365-eb9e61cd-c7d3-4235-b268-b099d5f748dc">KB5029365</a>.</p> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 2.0 2023-09-20T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/50">https://github.com/PowerShell/Announcements/issues/50</a> for more information.</p> 2.1 2023-09-26T07:00:00 <p>In the Security Update table, corrected Article links for Microsoft .NET Framework 3.5 AND 4.8.1 installed on Windows 11 Version 22H2 for x64-based Systems and Windows 11 Version 22H2 for ARM64-based Systems. This is an informational change only.</p> 3.0 2023-10-10T07:00:00 <p>In the Security Updates table, added Microsoft Visual Studio 2013 Update 5 and Visual Studio 2015 Update 3 as these versions of Visual Studio are also affected by the vulnerability. Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability.</p> 4.0 2023-10-24T07:00:00 <p>To comprehensively address this vulnerability, Microsoft has released security updates on October 24, 2023 for all affected versions of .NET and Microsoft Visual Studio. Microsoft recommends that customers install the updates to be fully protected from the vulnerability.</p> 5.0 2023-10-24T07:00:00 <p>In the Security Updates table, added .NET Framework 3.5 and 4.6.2 installed on Windows 10 for 32-bit systems and Windows 10 for x64-based systems; added .NET Framework 3.5 and 4.6.2/4.7./4.7.1/4.7.2 installed on all supported editions of Windows 10 version 1607 and Windows Server 2016 as these versions of .NET Framework are affected by this vulnerability. Microsoft recommends that customers install the September 2023 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 5.1 2023-11-02T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 5.2 2023-11-14T08:00:00 <p>Microsoft is rereleasing KB5029366 to address the following known issue: Customers who are using Microsoft Visual Studio 2015 Update 3 might receive a &quot;C2471&quot; error after attempting to compile a build that has precompiled headers (PCH) that use the /Gm and /ZI (Edit and Continue) switches. Microsoft recommends that customers install the update and remove any workarounds that were applied. For more information see <a href="https://support.microsoft.com/en-gb/topic/description-of-the-security-update-for-the-remote-code-execution-vulnerability-in-microsoft-visual-studio-2015-update-3-october-10-2023-kb5029366-7b4ac004-f805-4799-a06b-cebc20348a79">KB5029366</a>.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.</p> .NET and Visual Studio Microsoft Yes CVE-2023-36793 Heap-based Buffer Overflow 11600 12051 11935 12129 12130 12009 11970 12187 12222 11650-10852 11676-11923 11650-10855 11650-10816 11650-10049 11650-10543 11650-10483 11676-11926 11676-11927 11676-11929 11676-11930 11676-12097 11676-11931 11676-12098 11676-12099 11676-11569 11676-11571 11723-10816 11650-10853 11677-11568 11677-11569 11723-10855 11677-11570 11723-10852 11723-10853 11677-11572 11677-11571 11676-11924 11863-10379 11863-10378 11863-10483 11863-10543 12079-11923 11650-10051 12079-11924 11863-10049 11863-10051 12079-11930 12079-11929 12079-11927 12079-11926 12079-11931 12079-12098 12079-12097 12079-12086 12079-12099 12115-10287 12115-9312 12115-9318 12128-10729 12115-9344 12079-12085 12128-10735 9292-9312 9292-9318 9195-9312 9195-9318 2472-10378 2472-10379 2472-10483 2472-10543 9495-10051 9495-10049 11676-11568 11676-11572 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 12129 Remote Code Execution 12130 Remote Code Execution 12009 Remote Code Execution 11970 Remote Code Execution 12187 Remote Code Execution 12222 Remote Code Execution 11650-10852 Remote Code Execution 11676-11923 Remote Code Execution 11650-10855 Remote Code Execution 11650-10816 Remote Code Execution 11650-10049 Remote Code Execution 11650-10543 Remote Code Execution 11650-10483 Remote Code Execution 11676-11926 Remote Code Execution 11676-11927 Remote Code Execution 11676-11929 Remote Code Execution 11676-11930 Remote Code Execution 11676-12097 Remote Code Execution 11676-11931 Remote Code Execution 11676-12098 Remote Code Execution 11676-12099 Remote Code Execution 11676-11569 Remote Code Execution 11676-11571 Remote Code Execution 11723-10816 Remote Code Execution 11650-10853 Remote Code Execution 11677-11568 Remote Code Execution 11677-11569 Remote Code Execution 11723-10855 Remote Code Execution 11677-11570 Remote Code Execution 11723-10852 Remote Code Execution 11723-10853 Remote Code Execution 11677-11572 Remote Code Execution 11677-11571 Remote Code Execution 11676-11924 Remote Code Execution 11863-10379 Remote Code Execution 11863-10378 Remote Code Execution 11863-10483 Remote Code Execution 11863-10543 Remote Code Execution 12079-11923 Remote Code Execution 11650-10051 Remote Code Execution 12079-11924 Remote Code Execution 11863-10049 Remote Code Execution 11863-10051 Remote Code Execution 12079-11930 Remote Code Execution 12079-11929 Remote Code Execution 12079-11927 Remote Code Execution 12079-11926 Remote Code Execution 12079-11931 Remote Code Execution 12079-12098 Remote Code Execution 12079-12097 Remote Code Execution 12079-12086 Remote Code Execution 12079-12099 Remote Code Execution 12115-10287 Remote Code Execution 12115-9312 Remote Code Execution 12115-9318 Remote Code Execution 12128-10729 Remote Code Execution 12115-9344 Remote Code Execution 12079-12085 Remote Code Execution 12128-10735 Remote Code Execution 9292-9312 Remote Code Execution 9292-9318 Remote Code Execution 9195-9312 Remote Code Execution 9195-9318 Remote Code Execution 2472-10378 Remote Code Execution 2472-10379 Remote Code Execution 2472-10483 Remote Code Execution 2472-10543 Remote Code Execution 9495-10051 Remote Code Execution 9495-10049 Remote Code Execution 11676-11568 Remote Code Execution 11676-11572 Critical 11600 Critical 12051 Critical 11935 Critical 12129 Critical 12130 Critical 12009 Important 11970 Critical 12187 Critical 12222 Important 11650-10852 Important 11676-11923 Important 11650-10855 Important 11650-10816 Important 11650-10049 Important 11650-10543 Important 11650-10483 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-11930 Important 11676-12097 Important 11676-11931 Important 11676-12098 Important 11676-12099 Important 11676-11569 Important 11676-11571 Critical 11723-10816 Important 11650-10853 Important 11677-11568 Important 11677-11569 Critical 11723-10855 Important 11677-11570 Critical 11723-10852 Critical 11723-10853 Important 11677-11572 Important 11677-11571 Important 11676-11924 Important 11863-10379 Important 11863-10378 Important 11863-10483 Important 11863-10543 Important 12079-11923 Important 11650-10051 Important 12079-11924 Important 11863-10049 Important 11863-10051 Important 12079-11930 Important 12079-11929 Important 12079-11927 Important 12079-11926 Important 12079-11931 Important 12079-12098 Important 12079-12097 Important 12079-12086 Important 12079-12099 Important 12115-10287 Important 12115-9312 Important 12115-9318 Critical 12128-10729 Important 12115-9344 Important 12079-12085 Critical 12128-10735 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10051 Important 9495-10049 Important 11676-11568 Important 11676-11572 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12130 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12009 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11970 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12222 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.57 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.21 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.30 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes 5032875 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.13 https://support.microsoft.com/help/5032875 12130 5032875 5032874 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.24 https://support.microsoft.com/help/5032874 12009 5032874 Release Notes https://github.com/PowerShell/Announcements/issues/50 11970 Maybe Security Update 7.2.12 https://github.com/PowerShell/Announcements/issues/50 11970 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 12222 Maybe Security Update 17.6.9 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 12222 Release Notes 5029924 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029924 5028952 11650-10852 11650-10855 11650-10816 11650-10853 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5029924 11650-10852 11650-10855 11650-10816 11650-10853 5029924 5030186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029928 5029655 11676-11923 11676-11924 Maybe Security Update 4.8.04667.03 https://support.microsoft.com/help/5030186 11676-11923 11676-11924 5030186 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029929 5029651 11650-10049 11650-10051 Maybe Monthly Rollup 4.8.04667.02 https://support.microsoft.com/help/5030182 11650-10049 11650-10051 5030182 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029917 5029653 11650-10543 11650-10483 Maybe Monthly Rollup 4.8.04667.02 https://support.microsoft.com/help/5030184 11650-10543 11650-10483 5030184 5030181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029926 5029650 11676-11926 11676-11927 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030181 11676-11926 11676-11927 5030181 5030179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029923 5029648 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030179 11676-11929 11676-11930 11676-11931 5030179 5030180 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029923 5029649 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030180 11676-12097 11676-12098 11676-12099 5030180 5030178 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029925 5029647 11676-11569 11676-11571 11676-11568 11676-11572 Maybe Security Update 4.8.04667.03 https://support.microsoft.com/help/5030178 11676-11569 11676-11571 11676-11568 11676-11572 5030178 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 11723-10816 11723-10855 11723-10852 11723-10853 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 11723-10816 11723-10855 11723-10852 11723-10853 5030213 5030178 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029931 5029647 11677-11568 11677-11569 11677-11570 11677-11572 11677-11571 Maybe Security Update 4.7.04063.05 https://support.microsoft.com/help/5030178 11677-11568 11677-11569 11677-11570 11677-11572 11677-11571 5030178 5030183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029932 5029652 11863-10379 11863-10378 Maybe Monthly Rollup 4.7.04063.02 https://support.microsoft.com/help/5030183 11863-10379 11863-10378 5030183 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029916 5029653 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.04063.02 https://support.microsoft.com/help/5030184 11863-10483 11863-10543 5030184 5030186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029922 5029655 12079-11923 12079-11924 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030186 12079-11923 12079-11924 5030186 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029933 5029651 11863-10049 11863-10051 Maybe Monthly Rollup 4.7.04063.01 https://support.microsoft.com/help/5030182 11863-10049 11863-10051 5030182 5030179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029919 5029648 12079-11930 12079-11929 12079-11931 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030179 12079-11930 12079-11929 12079-11931 5030179 5030181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029920 5029650 12079-11927 12079-11926 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030181 12079-11927 12079-11926 5030181 5030180 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029919 5029649 12079-12098 12079-12097 12079-12099 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030180 12079-12098 12079-12097 12079-12099 5030180 5031217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029921 5028948 12079-12086 12079-12085 Maybe Security Update 4.8.09186.0 https://support.microsoft.com/help/5031217 12079-12086 12079-12085 5031217 5030185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029933 5029654 12115-10287 12115-9312 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.04063.01 https://support.microsoft.com/help/5030185 12115-10287 12115-9312 12115-9318 12115-9344 5030185 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 12128-10729 12128-10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 12128-10729 12128-10735 5030220 5030185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029937 5029654 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030185 9292-9312 9292-9318 9195-9312 9195-9318 5030185 5030183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030160 5029652 2472-10378 2472-10379 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030183 2472-10378 2472-10379 5030183 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029915 5029653 2472-10483 2472-10543 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030184 2472-10483 2472-10543 5030184 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029938 5029651 9495-10051 9495-10049 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030182 9495-10051 9495-10049 5030182 goodbyeselene goodbyeselene 5.3 2023-12-12T08:00:00 <p>Microsoft is rereleasing KB5029365 to address the following known issue: Customers who are using Microsoft Visual Studio 2013 Update 5 might receive a &quot;C2471&quot; error after attempting to compile a build that has precompiled headers (PCH) that use the /Gm and /ZI (Edit and Continue) switches. Microsoft recommends that customers install the update and remove any workarounds that were applied. For more information see <a href="https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-the-remote-code-execution-vulnerability-in-microsoft-visual-studio-2013-update-5-october-10-2023-kb5029365-eb9e61cd-c7d3-4235-b268-b099d5f748dc">KB5029365</a>.</p> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 2.0 2023-09-20T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/50">https://github.com/PowerShell/Announcements/issues/50</a> for more information.</p> 2.1 2023-09-26T07:00:00 <p>In the Security Update table, corrected Article links for Microsoft .NET Framework 3.5 AND 4.8.1 installed on Windows 11 Version 22H2 for x64-based Systems and Windows 11 Version 22H2 for ARM64-based Systems. This is an informational change only.</p> 3.0 2023-10-10T07:00:00 <p>In the Security Updates table, added Microsoft Visual Studio 2013 Update 5 and Visual Studio 2015 Update 3 as these versions of Visual Studio are also affected by the vulnerability. Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability.</p> 4.0 2023-10-24T07:00:00 <p>To comprehensively address this vulnerability, Microsoft has released security updates on October 24, 2023 for all affected versions of .NET and Microsoft Visual Studio. Microsoft recommends that customers install the updates to be fully protected from the vulnerability.</p> 5.0 2023-10-24T07:00:00 <p>In the Security Updates table, added .NET Framework 3.5 and 4.6.2 installed on Windows 10 for 32-bit systems and Windows 10 for x64-based systems; added .NET Framework 3.5 and 4.6.2/4.7./4.7.1/4.7.2 installed on all supported editions of Windows 10 version 1607 and Windows Server 2016 as these versions of .NET Framework are affected by this vulnerability. Microsoft recommends that customers install the September 2023 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 5.1 2023-11-02T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 5.2 2023-11-14T08:00:00 <p>Microsoft is rereleasing KB5029366 to address the following known issue: Customers who are using Microsoft Visual Studio 2015 Update 3 might receive a &quot;C2471&quot; error after attempting to compile a build that has precompiled headers (PCH) that use the /Gm and /ZI (Edit and Continue) switches. Microsoft recommends that customers install the update and remove any workarounds that were applied. For more information see <a href="https://support.microsoft.com/en-gb/topic/description-of-the-security-update-for-the-remote-code-execution-vulnerability-in-microsoft-visual-studio-2015-update-3-october-10-2023-kb5029366-7b4ac004-f805-4799-a06b-cebc20348a79">KB5029366</a>.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.</p> .NET and Visual Studio Microsoft Yes CVE-2023-36792 Integer Overflow or Wraparound 11600 12051 11935 12129 12009 12130 12187 11970 12222 11650-10379 11650-10543 11676-11568 11650-10483 11676-11571 11650-10051 11650-10816 11650-10853 11650-10049 11650-10855 11676-11924 11676-11930 11676-11926 11676-11927 11676-11929 11676-12099 11676-11931 11677-11570 11677-11568 11677-11569 11676-12097 11676-12098 11677-11572 11677-11571 11723-10853 11723-10855 11723-10816 11723-10852 11650-10852 11676-11923 11863-10049 11863-10379 11863-10051 11863-10483 11863-10378 11863-10543 12079-11923 12079-11924 11650-10378 12079-11926 12079-11929 12079-11927 12079-11931 12079-12085 11676-11569 12079-12086 12079-11930 12079-12097 12079-12098 12079-12099 12115-10287 12115-9312 12128-10729 12115-9344 12115-9318 12128-10735 11676-11572 9292-9312 9195-9318 9195-9312 9292-9318 2472-10378 2472-10379 2472-10483 2472-10543 9495-10049 9495-10051 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 12129 Remote Code Execution 12009 Remote Code Execution 12130 Remote Code Execution 12187 Remote Code Execution 11970 Remote Code Execution 12222 Remote Code Execution 11650-10379 Remote Code Execution 11650-10543 Remote Code Execution 11676-11568 Remote Code Execution 11650-10483 Remote Code Execution 11676-11571 Remote Code Execution 11650-10051 Remote Code Execution 11650-10816 Remote Code Execution 11650-10853 Remote Code Execution 11650-10049 Remote Code Execution 11650-10855 Remote Code Execution 11676-11924 Remote Code Execution 11676-11930 Remote Code Execution 11676-11926 Remote Code Execution 11676-11927 Remote Code Execution 11676-11929 Remote Code Execution 11676-12099 Remote Code Execution 11676-11931 Remote Code Execution 11677-11570 Remote Code Execution 11677-11568 Remote Code Execution 11677-11569 Remote Code Execution 11676-12097 Remote Code Execution 11676-12098 Remote Code Execution 11677-11572 Remote Code Execution 11677-11571 Remote Code Execution 11723-10853 Remote Code Execution 11723-10855 Remote Code Execution 11723-10816 Remote Code Execution 11723-10852 Remote Code Execution 11650-10852 Remote Code Execution 11676-11923 Remote Code Execution 11863-10049 Remote Code Execution 11863-10379 Remote Code Execution 11863-10051 Remote Code Execution 11863-10483 Remote Code Execution 11863-10378 Remote Code Execution 11863-10543 Remote Code Execution 12079-11923 Remote Code Execution 12079-11924 Remote Code Execution 11650-10378 Remote Code Execution 12079-11926 Remote Code Execution 12079-11929 Remote Code Execution 12079-11927 Remote Code Execution 12079-11931 Remote Code Execution 12079-12085 Remote Code Execution 11676-11569 Remote Code Execution 12079-12086 Remote Code Execution 12079-11930 Remote Code Execution 12079-12097 Remote Code Execution 12079-12098 Remote Code Execution 12079-12099 Remote Code Execution 12115-10287 Remote Code Execution 12115-9312 Remote Code Execution 12128-10729 Remote Code Execution 12115-9344 Remote Code Execution 12115-9318 Remote Code Execution 12128-10735 Remote Code Execution 11676-11572 Remote Code Execution 9292-9312 Remote Code Execution 9195-9318 Remote Code Execution 9195-9312 Remote Code Execution 9292-9318 Remote Code Execution 2472-10378 Remote Code Execution 2472-10379 Remote Code Execution 2472-10483 Remote Code Execution 2472-10543 Remote Code Execution 9495-10049 Remote Code Execution 9495-10051 Critical 11600 Critical 12051 Critical 11935 Critical 12129 Important 12009 Important 12130 Critical 12187 Important 11970 Critical 12222 Important 11650-10379 Important 11650-10543 Important 11676-11568 Important 11650-10483 Important 11676-11571 Important 11650-10051 Important 11650-10816 Important 11650-10853 Important 11650-10049 Important 11650-10855 Important 11676-11924 Important 11676-11930 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-12099 Important 11676-11931 Important 11677-11570 Important 11677-11568 Important 11677-11569 Important 11676-12097 Important 11676-12098 Important 11677-11572 Important 11677-11571 Critical 11723-10853 Critical 11723-10855 Critical 11723-10816 Critical 11723-10852 Important 11650-10852 Important 11676-11923 Important 11863-10049 Important 11863-10379 Important 11863-10051 Important 11863-10483 Important 11863-10378 Important 11863-10543 Important 12079-11923 Important 12079-11924 Important 11650-10378 Important 12079-11926 Important 12079-11929 Important 12079-11927 Important 12079-11931 Important 12079-12085 Important 11676-11569 Important 12079-12086 Important 12079-11930 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12115-10287 Important 12115-9312 Critical 12128-10729 Important 12115-9344 Important 12115-9318 Critical 12128-10735 Important 11676-11572 Important 9292-9312 Important 9195-9318 Important 9195-9312 Important 9292-9318 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10049 Important 9495-10051 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12009 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12130 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11970 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12222 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10051 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.57 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.21 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.30 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes 5032874 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.24 https://support.microsoft.com/help/5032874 12009 5032874 5032875 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.13 https://support.microsoft.com/help/5032875 12130 5032875 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 12222 Maybe Security Update 17.6.9 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 12222 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/50 11970 Maybe Security Update 7.2.12 https://github.com/PowerShell/Announcements/issues/50 11970 Release Notes 5030183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029927 5029652 11650-10379 11650-10378 Maybe Monthly Rollup 4.8.04667.02 https://support.microsoft.com/help/5030183 11650-10379 11650-10378 5030183 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029917 5029653 11650-10543 11650-10483 Maybe Monthly Rollup 4.8.04667.02 https://support.microsoft.com/help/5030184 11650-10543 11650-10483 5030184 5030178 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029925 5029647 11676-11568 11676-11571 11676-11569 11676-11572 Maybe Security Update 4.8.04667.03 https://support.microsoft.com/help/5030178 11676-11568 11676-11571 11676-11569 11676-11572 5030178 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029929 5029651 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.04667.02 https://support.microsoft.com/help/5030182 11650-10051 11650-10049 5030182 5029924 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029924 5028952 11650-10816 11650-10853 11650-10855 11650-10852 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5029924 11650-10816 11650-10853 11650-10855 11650-10852 5029924 5030186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029928 5029655 11676-11924 11676-11923 Maybe Security Update 4.8.04667.03 https://support.microsoft.com/help/5030186 11676-11924 11676-11923 5030186 5030179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029923 5029648 11676-11930 11676-11929 11676-11931 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030179 11676-11930 11676-11929 11676-11931 5030179 5030181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029926 5029650 11676-11926 11676-11927 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030181 11676-11926 11676-11927 5030181 5030180 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029923 5029649 11676-12099 11676-12097 11676-12098 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030180 11676-12099 11676-12097 11676-12098 5030180 5030178 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029931 5029647 11677-11570 11677-11568 11677-11569 11677-11572 11677-11571 Maybe Security Update 4.7.04063.05 https://support.microsoft.com/help/5030178 11677-11570 11677-11568 11677-11569 11677-11572 11677-11571 5030178 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 11723-10853 11723-10855 11723-10816 11723-10852 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 11723-10853 11723-10855 11723-10816 11723-10852 5030213 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029933 5029651 11863-10049 11863-10051 Maybe Monthly Rollup 4.7.04063.01 https://support.microsoft.com/help/5030182 11863-10049 11863-10051 5030182 5030183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029932 5029652 11863-10379 11863-10378 Maybe Monthly Rollup 4.7.04063.02 https://support.microsoft.com/help/5030183 11863-10379 11863-10378 5030183 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029916 5029653 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.04063.02 https://support.microsoft.com/help/5030184 11863-10483 11863-10543 5030184 5030186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029922 5029655 12079-11923 12079-11924 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030186 12079-11923 12079-11924 5030186 5030181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029920 5029650 12079-11926 12079-11927 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030181 12079-11926 12079-11927 5030181 5030179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029919 5029648 12079-11929 12079-11931 12079-11930 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030179 12079-11929 12079-11931 12079-11930 5030179 5031217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029921 5028948 12079-12085 12079-12086 Maybe Security Update 4.8.09186.0 https://support.microsoft.com/help/5031217 12079-12085 12079-12086 5031217 5030180 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029919 5029649 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030180 12079-12097 12079-12098 12079-12099 5030180 5030185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029933 5029654 12115-10287 12115-9312 12115-9344 12115-9318 Maybe Monthly Rollup 4.7.04063.01 https://support.microsoft.com/help/5030185 12115-10287 12115-9312 12115-9344 12115-9318 5030185 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 12128-10729 12128-10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 12128-10729 12128-10735 5030220 5030185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029937 5029654 9292-9312 9195-9318 9195-9312 9292-9318 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030185 9292-9312 9195-9318 9195-9312 9292-9318 5030185 5030183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030160 5029652 2472-10378 2472-10379 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030183 2472-10378 2472-10379 5030183 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029915 5029653 2472-10483 2472-10543 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030184 2472-10483 2472-10543 5030184 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029938 5029651 9495-10049 9495-10051 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030182 9495-10049 9495-10051 5030182 goodbyeselene kap0k goodbyeselene 5.3 2023-12-12T08:00:00 <p>Microsoft is rereleasing KB5029365 to address the following known issue: Customers who are using Microsoft Visual Studio 2013 Update 5 might receive a &quot;C2471&quot; error after attempting to compile a build that has precompiled headers (PCH) that use the /Gm and /ZI (Edit and Continue) switches. Microsoft recommends that customers install the update and remove any workarounds that were applied. For more information see <a href="https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-the-remote-code-execution-vulnerability-in-microsoft-visual-studio-2013-update-5-october-10-2023-kb5029365-eb9e61cd-c7d3-4235-b268-b099d5f748dc">KB5029365</a>.</p> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 2.0 2023-09-20T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/50">https://github.com/PowerShell/Announcements/issues/50</a> for more information.</p> 2.1 2023-09-26T07:00:00 <p>In the Security Update table, corrected Article links for Microsoft .NET Framework 3.5 AND 4.8.1 installed on Windows 11 Version 22H2 for x64-based Systems and Windows 11 Version 22H2 for ARM64-based Systems. This is an informational change only.</p> 3.0 2023-10-10T07:00:00 <p>In the Security Updates table, added Microsoft Visual Studio 2013 Update 5 and Visual Studio 2015 Update 3 as these versions of Visual Studio are also affected by the vulnerability. Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability.</p> 4.0 2023-10-24T07:00:00 <p>To comprehensively address CVE-2023-36792, Microsoft has released security updates on October 24, 2023 for all affected versions of .NET and Microsoft Visual Studio. In addition, the following corrections have been made in the Security Updates table: 1) Added Visual Studio 2022 version 17.6 as it is also affected by this vulnerability. 2) Corrected the Impact to Critical for Visual Studio 2022 version 17.7.</p> 5.0 2023-10-24T07:00:00 <p>In the Security Updates table, added .NET Framework 3.5 and 4.6.2 installed on Windows 10 for 32-bit systems and Windows 10 for x64-based systems; added .NET Framework 3.5 and 4.6.2/4.7./4.7.1/4.7.2 installed on all supported editions of Windows 10 version 1607 and Windows Server 2016 as these versions of .NET Framework are affected by this vulnerability. Microsoft recommends that customers install the September 2023 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 5.1 2023-11-02T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 5.2 2023-11-14T08:00:00 <p>Microsoft is rereleasing KB5029366 to address the following known issue: Customers who are using Microsoft Visual Studio 2015 Update 3 might receive a &quot;C2471&quot; error after attempting to compile a build that has precompiled headers (PCH) that use the /Gm and /ZI (Edit and Continue) switches. Microsoft recommends that customers install the update and remove any workarounds that were applied. For more information see <a href="https://support.microsoft.com/en-gb/topic/description-of-the-security-update-for-the-remote-code-execution-vulnerability-in-microsoft-visual-studio-2015-update-3-october-10-2023-kb5029366-7b4ac004-f805-4799-a06b-cebc20348a79">KB5029366</a>.</p> .NET Framework Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p> .NET Framework Microsoft Yes CVE-2023-36788 11676-11569 11676-11926 11676-11927 11676-11929 11676-11930 11676-11931 11676-12098 11676-12097 11676-12099 11676-11568 11677-11568 11676-11924 11677-11569 11677-11570 11676-11923 11677-11571 11676-11572 11677-11572 11676-11571 11723-10853 11723-10852 11723-10816 11723-10855 12079-11924 12079-11923 12079-11927 12079-11929 12079-11926 12079-12085 12079-12086 12079-12097 12079-12098 12079-11930 12079-11931 12079-12099 12128-10729 12128-10735 9292-9312 9292-9318 9195-9312 9195-9318 2472-10378 2472-10379 2472-10483 2472-10543 9495-10049 9495-10051 Remote Code Execution 11676-11569 Remote Code Execution 11676-11926 Remote Code Execution 11676-11927 Remote Code Execution 11676-11929 Remote Code Execution 11676-11930 Remote Code Execution 11676-11931 Remote Code Execution 11676-12098 Remote Code Execution 11676-12097 Remote Code Execution 11676-12099 Remote Code Execution 11676-11568 Remote Code Execution 11677-11568 Remote Code Execution 11676-11924 Remote Code Execution 11677-11569 Remote Code Execution 11677-11570 Remote Code Execution 11676-11923 Remote Code Execution 11677-11571 Remote Code Execution 11676-11572 Remote Code Execution 11677-11572 Remote Code Execution 11676-11571 Remote Code Execution 11723-10853 Remote Code Execution 11723-10852 Remote Code Execution 11723-10816 Remote Code Execution 11723-10855 Remote Code Execution 12079-11924 Remote Code Execution 12079-11923 Remote Code Execution 12079-11927 Remote Code Execution 12079-11929 Remote Code Execution 12079-11926 Remote Code Execution 12079-12085 Remote Code Execution 12079-12086 Remote Code Execution 12079-12097 Remote Code Execution 12079-12098 Remote Code Execution 12079-11930 Remote Code Execution 12079-11931 Remote Code Execution 12079-12099 Remote Code Execution 12128-10729 Remote Code Execution 12128-10735 Remote Code Execution 9292-9312 Remote Code Execution 9292-9318 Remote Code Execution 9195-9312 Remote Code Execution 9195-9318 Remote Code Execution 2472-10378 Remote Code Execution 2472-10379 Remote Code Execution 2472-10483 Remote Code Execution 2472-10543 Remote Code Execution 9495-10049 Remote Code Execution 9495-10051 Important 11676-11569 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-11930 Important 11676-11931 Important 11676-12098 Important 11676-12097 Important 11676-12099 Important 11676-11568 Important 11677-11568 Important 11676-11924 Important 11677-11569 Important 11677-11570 Important 11676-11923 Important 11677-11571 Important 11676-11572 Important 11677-11572 Important 11676-11571 Important 11723-10853 Important 11723-10852 Important 11723-10816 Important 11723-10855 Important 12079-11924 Important 12079-11923 Important 12079-11927 Important 12079-11929 Important 12079-11926 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-11930 Important 12079-11931 Important 12079-12099 Important 12128-10729 Important 12128-10735 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10049 Important 9495-10051 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10051 5030178 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029925 5029647 11676-11569 11676-11568 11676-11572 11676-11571 Maybe Security Update 4.8.04667.03 https://support.microsoft.com/help/5030178 11676-11569 11676-11568 11676-11572 11676-11571 5030178 5030181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029926 5029650 11676-11926 11676-11927 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030181 11676-11926 11676-11927 5030181 5030179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029923 5029648 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030179 11676-11929 11676-11930 11676-11931 5030179 5030180 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029923 5029649 11676-12098 11676-12097 11676-12099 Maybe Security Update 4.8.04667.02 https://support.microsoft.com/help/5030180 11676-12098 11676-12097 11676-12099 5030180 5030178 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029931 5029647 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 Maybe Security Update 4.7.04063.05 https://support.microsoft.com/help/5030178 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 5030178 5030186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029928 5029655 11676-11924 11676-11923 Maybe Security Update 4.8.04667.03 https://support.microsoft.com/help/5030186 11676-11924 11676-11923 5030186 5030213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030213 5029242 11723-10853 11723-10852 11723-10816 11723-10855 Yes Security Update 10.0.14393.6252 https://support.microsoft.com/help/5030213 11723-10853 11723-10852 11723-10816 11723-10855 5030213 5030186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029922 5029655 12079-11924 12079-11923 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030186 12079-11924 12079-11923 5030186 5030181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029920 5029650 12079-11927 12079-11926 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030181 12079-11927 12079-11926 5030181 5030179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029919 5029648 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030179 12079-11929 12079-11930 12079-11931 5030179 5031217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029921 5028948 12079-12085 12079-12086 Maybe Security Update 4.8.09186.0 https://support.microsoft.com/help/5031217 12079-12085 12079-12086 5031217 5030180 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029919 5029649 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.09186.01 https://support.microsoft.com/help/5030180 12079-12097 12079-12098 12079-12099 5030180 5030220 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030220 5029259 12128-10729 12128-10735 Yes Security Update 10.0.10240.20162 https://support.microsoft.com/help/5030220 12128-10729 12128-10735 5030220 5030185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029937 5029654 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030185 9292-9312 9292-9318 9195-9312 9195-9318 5030185 5030183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030160 5029652 2472-10378 2472-10379 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030183 2472-10378 2472-10379 5030183 5030184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029915 5029653 2472-10483 2472-10543 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030184 2472-10483 2472-10543 5030184 5030182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029938 5029651 9495-10049 9495-10051 Maybe Monthly Rollup 3.0.30729.8957 https://support.microsoft.com/help/5030182 9495-10049 9495-10051 5030182 1.0 2023-09-12T07:00:00 <p>Information published.</p> 1.1 2023-09-26T07:00:00 <p>In the Security Update table, corrected Article links for Microsoft .NET Framework 3.5 AND 4.8.1 installed on Windows 11 Version 22H2 for x64-based Systems and Windows 11 Version 22H2 for ARM64-based Systems. This is an informational change only.</p> 2.0 2023-10-24T07:00:00 <p>In the Security Updates table, added .NET Framework 3.5 and 4.6.2 installed on Windows 10 for 32-bit systems and Windows 10 for x64-based systems; added .NET Framework 3.5 and 4.6.2/4.7./4.7.1/4.7.2 installed on all supported editions of Windows 10 version 1607 and Windows Server 2016 as these versions of .NET Framework are affected by this vulnerability. Microsoft recommends that customers install the September 2023 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 2.1 2023-11-02T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 3D Builder Remote Code Execution Vulnerability <p><strong>How do I get the update for a Windows App?</strong></p> <p>The Microsoft Store will automatically update affected customers.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> 3D Builder Microsoft Yes CVE-2023-36773 Buffer Over-read 12141 Remote Code Execution 12141 Important 12141 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12141 Release Notes https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us 12141 Maybe Security Update 20.0.4.0 https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us 12141 Release Notes Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 3D Builder Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>How do I get the update for a Windows App?</strong></p> <p>The Microsoft Store will automatically update affected customers.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p> 3D Builder Microsoft Yes CVE-2023-36772 Heap-based Buffer Overflow 12141 Remote Code Execution 12141 Important 12141 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12141 Release Notes https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us 12141 Maybe Security Update 20.0.4.0 https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us 12141 Release Notes Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 3D Builder Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>How do I get the update for a Windows App?</strong></p> <p>The Microsoft Store will automatically update affected customers.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p> 3D Builder Microsoft Yes CVE-2023-36771 Heap-based Buffer Overflow 12141 Remote Code Execution 12141 Important 12141 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12141 Release Notes https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us 12141 Maybe Security Update 20.0.4.0 https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us 12141 Release Notes Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> 3D Builder Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>How do I get the update for a Windows App?</strong></p> <p>The Microsoft Store will automatically update affected customers.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p> 3D Builder Microsoft Yes CVE-2023-36770 Heap-based Buffer Overflow 12141 Remote Code Execution 12141 Important 12141 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12141 Release Notes https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us 12141 Maybe Security Update 20.0.4.0 https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us 12141 Release Notes Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to the target site as at least a Site Member.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by creating an ASP.NET page with specially-crafted declarative markup.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-36764 External Control of File Name or Path 10950 11585 11961 Elevation of Privilege 10950 Elevation of Privilege 11585 Elevation of Privilege 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002494 https://www.microsoft.com/download/details.aspx?familyid=1953b588-edb2-48ad-95b4-8f3b5cb652f8 5002453 10950 Maybe Security Update 16.0.5413.1001 https://support.microsoft.com/help/5002494 10950 5002494 5002494 https://support.microsoft.com/help/5002494 10950 5002472 https://www.microsoft.com/download/details.aspx?familyid=95e10add-2f1e-45f2-94b8-162355b31448 5002436 11585 Maybe Security Update 16.0.10402.20016 https://support.microsoft.com/help/5002472 11585 5002472 5002472 https://support.microsoft.com/help/5002472 11585 5002474 https://www.microsoft.com/download/details.aspx?familyid=05d81a9d-b375-429a-baa1-55ef07a31ab8 5002437 11961 Maybe Security Update 16.0.16731.20180 https://support.microsoft.com/help/5002474 11961 5002474 5002474 https://support.microsoft.com/help/5002474 11961 <a href="https://twitter.com/mwulftange">Markus Wulftange</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> Microsoft Outlook Information Disclosure Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of credentials.</p> Microsoft Office Outlook Microsoft Yes CVE-2023-36763 Exposure of Sensitive Information to an Unauthorized Actor 11573 11574 11762 11763 11952 11953 10765 10766 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 10765 Information Disclosure 10766 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10765 Important 10766 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10765 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10766 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002499 https://www.microsoft.com/download/details.aspx?familyid=1dc2adcb-3b7c-4481-b931-23c475ff65b5 5002459 10765 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002499 10765 5002499 5002499 https://www.microsoft.com/download/details.aspx?familyid=5bdafb99-21be-4104-ad7f-a88a5e839a55 5002459 10766 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002499 10766 5002499 Carl Pearson 1.0 2023-09-12T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?</strong></p> <p>The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.</p> <p><strong>Is the Attachment Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes. The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not.</p> Microsoft Office Word Microsoft Yes CVE-2023-36762 Improper Input Validation 10950 11573 11574 11575 11762 11763 11951 11952 11953 10746 10747 Remote Code Execution 10950 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11575 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10746 Remote Code Execution 10747 Important 10950 Important 11573 Important 11574 Important 11575 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10950 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11573 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11574 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11575 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11762 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11763 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11951 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11952 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11953 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10746 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 10747 5002494 https://www.microsoft.com/download/details.aspx?familyid=1953b588-edb2-48ad-95b4-8f3b5cb652f8 5002453 10950 Maybe Security Update 16.0.5413.1001 https://support.microsoft.com/help/5002494 10950 5002494 5002494 https://support.microsoft.com/help/5002494 10950 5002501 https://www.microsoft.com/download/details.aspx?familyid=f029c5cd-c84e-4ac5-985f-b70af7a0692d 5002398 10950 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002501 10950 5002501 5002501 https://support.microsoft.com/help/5002501 10950 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.77.23091003 https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Release Notes 5002497 https://www.microsoft.com/download/details.aspx?familyid=1959e218-784c-4240-90d2-3e24d77af4ca 5002464 10746 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002497 10746 5002497 5002497 https://www.microsoft.com/download/details.aspx?familyid=c7f26747-5c6d-4aca-9033-7222c2271af9 5002464 10747 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002497 10747 5002497 Dhanesh Kizhakkinan with Mandiant 1.0 2023-09-12T07:00:00 <p>Information published.</p> Microsoft Word Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into running malicious files.</p> Microsoft Office Word Microsoft Yes CVE-2023-36761 Improper Input Validation 11573 11574 11762 11763 11952 11953 10746 10747 10606 10604 10605 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 10746 Information Disclosure 10747 Information Disclosure 10606 Information Disclosure 10604 Information Disclosure 10605 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10746 Important 10747 Important 10606 Important 10604 Important 10605 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11573 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11574 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11762 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11763 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11952 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11953 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10746 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10747 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10606 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10604 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10605 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002497 https://www.microsoft.com/download/details.aspx?familyid=1959e218-784c-4240-90d2-3e24d77af4ca 5002464 10746 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002497 10746 5002497 5002497 https://www.microsoft.com/download/details.aspx?familyid=c7f26747-5c6d-4aca-9033-7222c2271af9 5002464 10747 Maybe Security Update 16.0.5413.1000 https://support.microsoft.com/help/5002497 10747 5002497 5002483 5002445 10606 Maybe Security Update 15.0.5589.1001 https://support.microsoft.com/help/5002483 10606 5002483 5002483 https://www.microsoft.com/download/details.aspx?familyid=2ce878a9-ce0b-4429-a46e-b02af454a943 5002445 10604 Maybe Security Update 15.0.5589.1001 https://support.microsoft.com/help/5002483 10604 5002483 5002483 https://www.microsoft.com/download/details.aspx?familyid=d9154155-f29f-41d8-b0fd-93c7c7ee2e89 5002445 10605 Maybe Security Update 15.0.5589.1001 https://support.microsoft.com/help/5002483 10605 5002483 Microsoft Threat Intelligence 1.0 2023-09-12T07:00:00 <p>Information published.</p> 1.1 2023-10-17T07:00:00 <p>Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.</p> 3D Viewer Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>7.2307.27042.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.Microsoft3DViewer</code></p> <p><strong>What component is affected by this vulnerability?</strong></p> <p>This vulnerability affects 3MF component used within the 3D Viewer product.</p> 3D Viewer Microsoft Yes CVE-2023-36760 Use After Free 11760 Remote Code Execution 11760 Important 11760 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11760 Release Notes https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Maybe Security Update 7.2306.12012.0 https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Release Notes HAO LI of VenusTech ADLab 1.0 2023-09-12T07:00:00 <p>Information published.</p> Microsoft Exchange Server Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user.</p> <p><strong>What updates do I need to install to be protected from this vulnerability?</strong></p> <p>Customers need to install the August 2023 Exchange security updates which are listed in the Security Updates table. Customers who have already August 2023 security updates are already protected from this vulnerability.</p> <p><strong>Is there more information available?</strong></p> <p>Yes, please see <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/september-2023-release-of-new-exchange-server-cves-resolved-by/ba-p/3924063">September 2023 release of new Exchange Server CVEs</a> for more information.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-36777 Deserialization of Untrusted Data 12038 12039 12191 Information Disclosure 12038 Information Disclosure 12039 Information Disclosure 12191 Important 12038 Important 12039 Important 12191 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12038 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12039 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12191 5030524 https://www.microsoft.com/download/details.aspx?familyid=5ffd5bed-1305-4505-b21a-caf4913d03da 5026261 12038 Yes Security Update 15.02.1118.037 https://support.microsoft.com/help/5030524 12038 5030524 5030524 https://www.microsoft.com/download/details.aspx?familyid=026d6264-dc26-4482-aad7-c7f8e250e872 5025903 12039 Yes Security Update 15.01.2507.032 https://support.microsoft.com/help/5030524 12039 5030524 5030524 https://www.microsoft.com/download/details.aspx?familyid=593a50a5-595a-43b4-a258-2c97a910b87f 5026261 12191 Yes Security Update 15.02.1258.025 https://support.microsoft.com/help/5030524 12191 5030524 Piotr Bazydlo (@chudypb) of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-09-12T07:00:00 <p>Information published. This CVE was addressed by updates that were released in August 2023, but the CVE was inadvertently omitted from the August 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Microsoft Exchange Server install the August 2023 updates to be protected from this vulnerability.</p> 3D Viewer Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>7.2307.27042.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.Microsoft3DViewer</code></p> <p><strong>What component is affected by this vulnerability?</strong></p> <p>This vulnerability affects FBX component used within the 3D Viewer product.</p> 3D Viewer Microsoft Yes CVE-2023-36740 Heap-based Buffer Overflow 11760 Remote Code Execution 11760 Important 11760 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11760 Release Notes https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Maybe Security Update 7.2306.12012.0 https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Release Notes HAO LI of VenusTech ADLab 1.0 2023-09-12T07:00:00 <p>Information published.</p> 3D Viewer Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>7.2307.27042.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.Microsoft3DViewer</code></p> <p><strong>What component is affected by this vulnerability?</strong></p> <p>This vulnerability affects FBX component used within the 3D Viewer product.</p> 3D Viewer Microsoft Yes CVE-2023-36739 Heap-based Buffer Overflow 11760 Remote Code Execution 11760 Important 11760 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11760 Release Notes https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Maybe Security Update 7.2306.12012.0 https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Release Notes HAO LI of VenusTech ADLab 1.0 2023-09-12T07:00:00 <p>Information published.</p> AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior <p><strong>Why is this AutoDesk CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>7.2307.27042.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.Microsoft3DViewer</code></p> 3D Viewer Autodesk Yes CVE-2022-41303 11760 Remote Code Execution 11760 Important 11760 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Release Notes https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Maybe Security Update 7.2306.12012.0 https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Release Notes keqi hu 1.0 2023-09-12T07:00:00 <p>Information published.</p> Windows Defender Attack Surface Reduction Security Feature Bypass <p><strong>How can I check if I'm protected from this vulnerability?</strong></p> <p>This vulnerability existed in the Defender Security Intelligence Updates and not the Malware protection engine. The version of the signatures that addressed the vulnerability is 1.391.1332.0 and was updated automatically. Check the current version in <strong>Windows Update history Definition Updates</strong> to see the most recently installed definitions.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the Windows Defender Attack Surface Reduction blocking feature.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) and user interaction is required (UI:R), what does that mean for this vulnerability?</strong></p> <p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to click on a local file path link or download and run a malicious application or file.</p> Windows Defender Microsoft Yes CVE-2023-38163 12162 Security Feature Bypass 12162 Important 12162 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12162 Release Notes 12162 No Security Update 1.391.1332.0 https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide#security-intelligence-updates 12162 Release Notes Johannes Diebold <https://www.linkedin.com/in/johannes-d-972898164/> Benjamin Schiele with <a href="https://hartmann.info/">Paul Hartmann AG</a> 1.0 2023-09-12T07:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-2906 https://nvd.nist.gov/vuln/detail/CVE-2023-2906 Mariner cve@takeonme.org Yes CVE-2023-2906 12139 12140 12139 12140 12139 12140 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 wireshark 12139 wireshark-4.0.8-1.cm2.x86_64.rpm 0001-01-01T00:00:00 wireshark-cli-4.0.8-1.cm2.x86_64.rpm 0001-01-01T00:00:00 wireshark-devel-4.0.8-1.cm2.x86_64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.0.8-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.0.8-1 https://nvd.nist.gov/vuln/detail/CVE-2023-2906 12139 wireshark wireshark 12140 wireshark-4.0.8-1.cm2.aarch64.rpm 0001-01-01T00:00:00 wireshark-cli-4.0.8-1.cm2.aarch64.rpm 0001-01-01T00:00:00 wireshark-devel-4.0.8-1.cm2.aarch64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.0.8-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.0.8-1 https://nvd.nist.gov/vuln/detail/CVE-2023-2906 12140 wireshark 1.0 2023-09-01T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-26916 https://nvd.nist.gov/vuln/detail/CVE-2023-26916 Mariner cve@mitre.org Yes CVE-2023-26916 12139 12140 12139 12140 12139 12140 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12139 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12140 libyang 12139 libyang-2.1.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libyang-devel-2.1.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libyang-devel-doc-2.1.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libyang-tools-2.1.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libyang-debuginfo-2.1.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.1.55-1 https://nvd.nist.gov/vuln/detail/CVE-2023-26916 12139 libyang libyang 12140 libyang-2.1.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libyang-devel-2.1.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libyang-devel-doc-2.1.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libyang-tools-2.1.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libyang-debuginfo-2.1.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.1.55-1 https://nvd.nist.gov/vuln/detail/CVE-2023-26916 12140 libyang 1.0 2023-04-09T00:00:00 <p>Information published.</p> 1.1 2023-09-27T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 Mariner cve@mitre.org Yes CVE-2023-30630 12139 12140 12139 12140 12139 12140 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12139 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12140 dmidecode 12139 dmidecode-3.5-1.cm2.x86_64.rpm 0001-01-01T00:00:00 dmidecode-debuginfo-3.5-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.5-1 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 12139 dmidecode dmidecode 12140 dmidecode-3.5-1.cm2.aarch64.rpm 0001-01-01T00:00:00 dmidecode-debuginfo-3.5-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.5-1 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 12140 dmidecode 1.0 2023-04-18T00:00:00 <p>Information published.</p> 1.1 2023-09-29T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-22218 https://nvd.nist.gov/vuln/detail/CVE-2020-22218 Mariner cve@mitre.org Yes CVE-2020-22218 12139 12140 12139 12140 12139 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 libssh2 12139 libssh2-1.9.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 libssh2-devel-1.9.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 libssh2-debuginfo-1.9.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.9.0-3 https://nvd.nist.gov/vuln/detail/CVE-2020-22218 12139 libssh2 libssh2 12140 libssh2-1.9.0-3.cm2.aarch64.rpm 0001-01-01T00:00:00 libssh2-devel-1.9.0-3.cm2.aarch64.rpm 0001-01-01T00:00:00 libssh2-debuginfo-1.9.0-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.9.0-3 https://nvd.nist.gov/vuln/detail/CVE-2020-22218 12140 libssh2 1.0 2023-09-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-4569 https://nvd.nist.gov/vuln/detail/CVE-2023-4569 Mariner secalert@redhat.com Yes CVE-2023-4569 12139 12140 12139 12140 12139 12140 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12139 kernel-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.131.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-4569 12139 kernel kernel 12140 kernel-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.131.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-4569 12140 kernel 1.0 2023-09-02T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-4273 https://nvd.nist.gov/vuln/detail/CVE-2023-4273 https://nvd.nist.gov/vuln/detail/CVE-2023-4273 https://nvd.nist.gov/vuln/detail/CVE-2023-4273 Mariner secalert@redhat.com Yes CVE-2023-4273 12139 12140 12139 12140 12139 12140 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12139 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12140 hyperv-daemons 12139 hyperv-daemons-5.15.131.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.131.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.131.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.131.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.131.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.131.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.131.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.131.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-4273 12139 hyperv-daemons kernel 12139 kernel-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.131.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.131.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-4273 12139 kernel hyperv-daemons 12140 hyperv-daemons-5.15.131.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.131.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.131.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.131.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.131.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.131.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.131.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.131.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-4273 12140 hyperv-daemons kernel 12140 kernel-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.131.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.131.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-4273 12140 kernel 1.0 2023-08-19T00:00:00 <p>Information published.</p> 1.1 2023-09-05T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2023-41359 https://nvd.nist.gov/vuln/detail/CVE-2023-41359 Mariner cve@mitre.org Yes CVE-2023-41359 12139 12140 12139 12140 12139 12140 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 12139 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 12140 frr 12139 frr-8.5.3-2.cm2.x86_64.rpm 0001-01-01T00:00:00 frr-debuginfo-8.5.3-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.5.3-2 https://nvd.nist.gov/vuln/detail/CVE-2023-41359 12139 frr frr 12140 frr-8.5.3-2.cm2.aarch64.rpm 0001-01-01T00:00:00 frr-debuginfo-8.5.3-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.5.3-2 https://nvd.nist.gov/vuln/detail/CVE-2023-41359 12140 frr 1.0 2023-09-05T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-38802 https://nvd.nist.gov/vuln/detail/CVE-2023-38802 Mariner cve@mitre.org Yes CVE-2023-38802 12139 12140 12139 12140 12139 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 frr 12139 frr-8.5.3-2.cm2.x86_64.rpm 0001-01-01T00:00:00 frr-debuginfo-8.5.3-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.5.3-2 https://nvd.nist.gov/vuln/detail/CVE-2023-38802 12139 frr frr 12140 frr-8.5.3-2.cm2.aarch64.rpm 0001-01-01T00:00:00 frr-debuginfo-8.5.3-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.5.3-2 https://nvd.nist.gov/vuln/detail/CVE-2023-38802 12140 frr 1.0 2023-09-05T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-41358 https://nvd.nist.gov/vuln/detail/CVE-2023-41358 Mariner cve@mitre.org Yes CVE-2023-41358 12139 12140 12139 12140 12139 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 frr 12139 frr-8.5.3-2.cm2.x86_64.rpm 0001-01-01T00:00:00 frr-debuginfo-8.5.3-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.5.3-2 https://nvd.nist.gov/vuln/detail/CVE-2023-41358 12139 frr frr 12140 frr-8.5.3-2.cm2.aarch64.rpm 0001-01-01T00:00:00 frr-debuginfo-8.5.3-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.5.3-2 https://nvd.nist.gov/vuln/detail/CVE-2023-41358 12140 frr 1.0 2023-09-05T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-41360 https://nvd.nist.gov/vuln/detail/CVE-2023-41360 Mariner cve@mitre.org Yes CVE-2023-41360 12139 12140 12139 12140 12139 12140 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 12139 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 12140 frr 12139 frr-8.5.3-2.cm2.x86_64.rpm 0001-01-01T00:00:00 frr-debuginfo-8.5.3-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.5.3-2 https://nvd.nist.gov/vuln/detail/CVE-2023-41360 12139 frr frr 12140 frr-8.5.3-2.cm2.aarch64.rpm 0001-01-01T00:00:00 frr-debuginfo-8.5.3-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.5.3-2 https://nvd.nist.gov/vuln/detail/CVE-2023-41360 12140 frr 1.0 2023-09-05T00:00:00 <p>Information published.</p> Chromium: CVE-2023-4863 Heap buffer overflow in WebP <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p>Google is aware that an exploit for CVE-2023-4863 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>How can I find out what version of Teams I am running?</strong></p> <ol> <li>Click on the User Avatar at the top right of the Teams Windows.</li> <li>Click on <strong>About</strong>, then <strong>Version</strong>.</li> <li>The version will be displayed in the banner below the Search bar.</li> </ol> <p><strong>Where do I get the latest version of Teams?</strong></p> <p>The latest version of Microsoft Teams can be downloaded at <a href="https://teams.microsoft.com/download">https://teams.microsoft.com/download</a>.</p> <p><strong>How can I find out what version of Skype I am running?</strong></p> <ol> <li>Select the three dots (...) to the right of your avatar.</li> <li>Select <strong>Settings</strong>.</li> <li>Select <strong>Help &amp; Feedback</strong>.</li> <li>The version will be displayed below the Skype logo.</li> </ol> <p><strong>How do I get the updated Webp app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://apps.microsoft.com/store/detail/webp-image-extensions/9PG2DK419DRG?hl=en-us&amp;gl=us">here</a> for details. See <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">Get updates for apps and games in Microsoft Store</a> for more information about how to get app updates.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions 1.0.62681.0 and later contain this update.</p> <p>You can check the package version in PowerShell: <code>Get-AppxPackage -Name Microsoft.WebpImageExtension</code></p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>117.0.2045.31</td> <td>117.0.5938.62/.63</td> <td>9/15/2023</td> </tr> <tr> <td>Extended Stable</td> <td>116.0.1938.98</td> <td>116.0.5845.229</td> <td>9/27/2023</td> </tr> <tr> <td>Version 109</td> <td>109.0.1518.140</td> <td>109.0.5414.165</td> <td>9/15/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-4863 11655 11806 12182 12216 11655 11806 12182 12216 11655 11806 12182 12216 Publicly Disclosed:Yes;Exploited:Yes Release Notes 11655 No Security Update 116.0.1938.81 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes https://apps.microsoft.com/store/detail/webp-image-extensions/9PG2DK419DRG?hl=en-us&gl=us 11806 No Security Update 1.0.62681.0 https://apps.microsoft.com/store/detail/webp-image-extensions/9PG2DK419DRG?hl=en-us&gl=us 11806 Release Notes Release Notes 12182 No Security Update 1.6.00.26474 https://learn.microsoft.com/en-us/officeupdates/teams-app-versioning 12182 Release Notes Release Notes 12216 No Security Update 1.6.00.26463 https://learn.microsoft.com/en-us/officeupdates/teams-app-versioning 12216 Release Notes 1.0 2023-09-12T07:00:47 <p>Information published.</p> 2.0 2023-09-30T07:00:00 <p>Updated CVE detail with information regarding other Microsoft products affected by this vulnerability. This is an informational change only.</p> 3.0 2023-10-02T07:00:00 <p>Updated CVE detail with information regarding other Microsoft products affected by this vulnerability. Microsoft recommends updating to the latest version of the products listed in the CVE.</p> 3.1 2023-10-04T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 3.2 2023-10-11T07:00:00 <p>Removed VP9 Video Extensions from the Security Update table as this product is not affected by this vulnerability.</p> 4.0 2023-11-14T08:00:00 <p>Updated CVE detail with information regarding other Microsoft products affected by this vulnerability. Microsoft recommends updating to the latest version of the products listed in the CVE.</p> 4.1 2025-10-30T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p>