CVE-2023-32057 — Improper Input Validation in Microsoft Windows 10 Version 1507

CWE-20 — Improper Input Validation8 documents6 sources

Severity

9.8CRITICALNVD

EPSS

2.2%

top 15.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 +33 more

Timeline

PublishedJul 11

Latest updateOct 10

Description

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages36 packages

▶NVDmicrosoft/windows_10_1507< 10.0.10240.20048

▶NVDmicrosoft/windows_10_1607< 10.0.14393.6085

▶NVDmicrosoft/windows_10_1809< 10.0.17763.4645

▶NVDmicrosoft/windows_10_21h2< 10.0.19041.3208

▶NVDmicrosoft/windows_10_22h2< 10.0.19045.3208

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-3p9w-cf27-62fv: Microsoft Message Queuing Remote Code Execution Vulnerability↗2023-07-11

▶

📋Vendor Advisories

Microsoft

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability↗2023-07-11

▶

🕵️Threat Intelligence

Tenable

Microsoft’s October 2023 Patch Tuesday Addresses 103 CVEs (CVE-2023-36563, CVE-2023-41763)↗2023-10-10

▶

Qualys

Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review↗2023-07-11

▶

Tenable

Microsoft’s July 2023 Patch Tuesday Addresses 130 CVEs (CVE-2023-36884)↗2023-07-11

▶

Qualys

Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review | Qualys↗2023-07-11

▶

Crowdstrike

July 2023 Patch Tuesday: Updates and Analysis↗

▶