Msrc Powershell 7.3 vulnerabilities

CVE-2024-21409 [HIGH] CWE-416 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Additionally, an attacker could convince

CVE-2024-21392 [HIGH] CWE-400 .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Denial of Service Vulnerability .NET: .NET Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Remediation: Release Notes Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.9 Reference: https://learn.microsoft.com/en-us/v

CVE-2024-26190 [HIGH] CWE-400 Microsoft QUIC Denial of Service Vulnerability Microsoft QUIC Denial of Service Vulnerability Microsoft QUIC: Microsoft QUIC Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Remediation: Release Notes Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.9 Reference: https://learn.microsoft.com/en-

CVE-2023-36013 [MEDIUM] CWE-798 PowerShell Information Disclosure Vulnerability PowerShell Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, cryptographic nonces, and other sensitive information. Microsoft PowerShell: Microsoft PowerShell Microsoft: Microsoft Customer Action Re

CVE-2023-36435 [HIGH] CWE-400 Microsoft QUIC Denial of Service Vulnerability Microsoft QUIC Denial of Service Vulnerability FAQ: Where can I find more information? Please see the GitHub Advisory relating to this vulnerability here: https://github.com/microsoft/msquic/security/advisories/GHSA-fr44-546p-7xcp#event-111622 Microsoft QUIC: Microsoft QUIC Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Softwar

CVE-2023-38171 [HIGH] CWE-476 Microsoft QUIC Denial of Service Vulnerability Microsoft QUIC Denial of Service Vulnerability FAQ: Where can I find more information? Please see the GitHub Advisory relating to this vulnerability here: https://github.com/microsoft/msquic/security/advisories/GHSA-xh5m-8qqp-c5x7#event-111621 Microsoft QUIC: Microsoft QUIC Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Softwar

CVE-2023-36799 [MEDIUM] CWE-400 .NET Core and Visual Studio Denial of Service Vulnerability .NET Core and Visual Studio Denial of Service Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious request and convince them to open it. .NET Core & Visual Studio: .NET Core & Visual Studio Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status:

CVE-2023-33127 [HIGH] CWE-1220 .NET and Visual Studio Elevation of Privilege Vulnerability .NET and Visual Studio Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would gain the rights of the user that is running the affected application. FAQ: According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit this vulnerability? An attacker could exploit this vulnera

CVE-2023-29331 [HIGH] CWE-400 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability .NET Core: .NET Core Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://dotnet.microsoft.com/download/dotnet/6.0 Reference: https://support.microsoft.com/help/5027797 Refere

CVE-2023-33128 [HIGH] CWE-416 .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attac

CVE-2023-24936 [HIGH] .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful e

CVE-2023-24895 [HIGH] .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out lo

CVE-2023-32032 [MEDIUM] CWE-20 .NET and Visual Studio Elevation of Privilege Vulnerability .NET and Visual Studio Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. FAQ: What privileges could be gained by an attacker who successfull

CVE-2023-28260 [HIGH] .NET DLL Hijacking Remote Code Execution Vulnerability .NET DLL Hijacking Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

CVE-2022-41089 [HIGH] .NET Framework Remote Code Execution Vulnerability .NET Framework Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that

CVE-2022-41076 [HIGH] PowerShell Remote Code Execution Vulnerability PowerShell Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?