Msrc Windows 10 vulnerabilities

CVE-2023-32039 [MEDIUM] CWE-125 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. Microsoft Printer Drivers: Microsoft Printer Drivers Microsoft: Microsoft Customer Act

CVE-2023-35324 [MEDIUM] CWE-126 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Microsoft Printer Drivers: Microsoft Printer Drivers Microsoft: Microsoft Customer Action Required: Yes

CVE-2023-33167 [MEDIUM] CWE-126 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-33166 [MEDIUM] CWE-126 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-35332 [MEDIUM] CWE-326 Windows Remote Desktop Protocol Security Feature Bypass Windows Remote Desktop Protocol Security Feature Bypass FAQ: What security feature is bypassed with this vulnerability? The RDP Gateway protocol is enforcing the usage of Datagram Transport Layer Security (DTLS) version 1.0, which is a deprecated (RFC 8996) protocol with known vulnerabilities. An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could comprom

CVE-2023-32085 [MEDIUM] CWE-126 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker with normal user permissions could use the Microsoft PS Class Driver to print a malicious XPS file, which could enable an information disclosure attack on the machine. Please see Standard XPS Filters for more i

CVE-2023-32043 [MEDIUM] CWE-327 Windows Remote Desktop Security Feature Bypass Vulnerability Windows Remote Desktop Security Feature Bypass Vulnerability FAQ: What security feature is being bypassed? An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could bypass the certificate validation performed when a targeted user connects to a trusted server. Windows Remote Desktop: Windows Remote Desktop Microsoft: Microsoft Customer Action Required

CVE-2023-33168 [MEDIUM] CWE-126 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-32055 [MEDIUM] CWE-416 Active Template Library Elevation of Privilege Vulnerability Active Template Library Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: What privileges could be gained by an attacker who successfully exploit

CVE-2023-32034 [MEDIUM] CWE-125 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-32042 [MEDIUM] CWE-908 OLE Automation Information Disclosure Vulnerability OLE Automation Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows OLE: Windows OLE Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:N

CVE-2023-35319 [MEDIUM] CWE-125 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-35316 [MEDIUM] CWE-125 Remote Procedure Call Runtime Information Disclosure Vulnerability Remote Procedure Call Runtime Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure E

CVE-2023-33173 [MEDIUM] CWE-126 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-32015 [CRITICAL] CWE-20 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. Windows PGM: Windows PGM Microsoft: Mic

CVE-2023-29363 [CRITICAL] CWE-122 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. Windows PGM: Windows PGM Microsoft: Mi

CVE-2023-32014 [CRITICAL] CWE-191 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. Windows PGM: Windows PGM Microsoft: Mi

CVE-2023-29351 [HIGH] CWE-59 Windows Group Policy Elevation of Privilege Vulnerability Windows Group Policy Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact

CVE-2023-29364 [HIGH] CWE-190 Windows Authentication Elevation of Privilege Vulnerability Windows Authentication Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerabilit

CVE-2023-32011 [HIGH] CWE-125 Windows iSCSI Discovery Service Denial of Service Vulnerability Windows iSCSI Discovery Service Denial of Service Vulnerability Windows iSCSI: Windows iSCSI Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222 Reference: https://support.microsoft.com/help/502