CVE-2023-38160
published 2023-09-12CVE-2023-38160: Windows TCP/IP Information Disclosure Vulnerability
PriorityP422medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EPSS
1.09%
61.1th percentile
Windows TCP/IP Information Disclosure Vulnerability
Affected
41 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20162 | 10.0.10240.20162 |
| microsoft | windows_10_1607 | < 10.0.14393.6252 | 10.0.14393.6252 |
| microsoft | windows_10_1809 | < 10.0.17763.4851 | 10.0.17763.4851 |
| microsoft | windows_10_21h2 | < 10.0.19044.3448 | 10.0.19044.3448 |
| microsoft | windows_10_22h2 | < 10.0.19045.3448 | 10.0.19045.3448 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20162 | 10.0.10240.20162 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.6252 | 10.0.14393.6252 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.4851 | 10.0.17763.4851 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.4851 | 10.0.17763.4851 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.3448 | 10.0.19044.3448 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3448 | 10.0.19045.3448 |
| microsoft | windows_11_21h2 | < 10.0.22000.2416 | 10.0.22000.2416 |
| microsoft | windows_11_22h2 | < 10.0.22621.2275 | 10.0.22621.2275 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2416 | 10.0.22000.2416 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.2283 | 10.0.22621.2283 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.26713 | 6.1.7601.26713 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.22264 | 6.0.6003.22264 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24462 | 6.2.9200.24462 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21563 | 6.3.9600.21563 |
| microsoft | windows_server_2016 | < 10.0.14393.6252 | 10.0.14393.6252 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.6252 | 10.0.14393.6252 |
| microsoft | windows_server_2019 | < 10.0.17763.4851 | 10.0.17763.4851 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.4851 | 10.0.17763.4851 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_msrc5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows TCP/IP Information Disclosure Vulnerability
vendor_msrc·2023-09-12·CVSS 5.5
CVE-2023-38160 [MEDIUM] CWE-416 Windows TCP/IP Information Disclosure Vulnerability
Windows TCP/IP Information Disclosure Vulnerability
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?
An attacker who successfully exploited the vulnerability could view sensitive information (Confidentiality). While the attacker can not make changes to disclosed information (Integrity) and limit access to the resource (Availability).
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Windows TCP/IP: Windows TCP/IP
Microsoft: Microsoft
Customer Action Required: Yes
I
GHSA
GHSA-cpmq-c39j-pm97: Windows TCP/IP Information Disclosure Vulnerability
ghsa_unreviewed·2023-09-12
CVE-2023-38160 [MEDIUM] CWE-416 GHSA-cpmq-c39j-pm97: Windows TCP/IP Information Disclosure Vulnerability
Windows TCP/IP Information Disclosure Vulnerability
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review
blogs_qualys·2023-09-12
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for September 2023
Adobe Patches for September 2023
Zero-day Vulnerability Patched in September Patch Tuesday Edition
Other Critical Severity Vulnerabilities Patched in September Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
EXECUTE Mitigation Using Qualys Custom Assessment and Remediation (CAR)
Qualys Monthly Webinar Series
Microsoft has released the Patch Tuesday edition for September. This month’s updates have addressed 66 security vulnerabilities (including Edge Chromium-based) in multip
Bleepingcomputer
Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
blogs_bleepingcomputer·2023-09-12·CVSS 6.5
[MEDIUM] Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
## Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
## Lawrence Abrams
3 Security Feature Bypass Vulnerabilities
24 Remote Code Execution Vulnerabilities
9 Information Disclosure Vulnerabilities
3 Denial of Service Vulnerabilities
5 Spoofing Vulnerabilities
5 Edge - Chromium Vulnerabilities
The total count of 59 flaws does not include five Microsoft Edge (Chromium) vulnerabilities two non-Microsoft flaws in Electron and Autodesk.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5030219 cumulative update and Windows 10 KB5030211 updates released.
## Two actively exploited zero-day vulnerabilities
This month's Patch Tuesday fixes two zero-day vulnerabilities, with both exploited in attacks
Qualys
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review | Qualys
blogs_qualys·2023-09-12
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for September 2023
- Adobe Patches for September 2023
- Zero-day Vulnerability Patched in September Patch Tuesday Edition
- Other Critical Severity Vulnerabilities Patched in September Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- EXECUTE Mitigation Using Qualys Custom Assessment and Remediation (CAR)
- Qualys Monthly Webinar Series
Microsoft has released the Patch Tuesday edition for September. This month’s updates have addressed 66 security vulnerabilities (including Edge Chromium-ba
2023-09-12
Published