Msrc Windows 10 Version 20H2 For 32-Bit Systems vulnerabilities

CVE-2023-24947 [HIGH] CWE-416 Windows Bluetooth Driver Remote Code Execution Vulnerability Windows Bluetooth Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. FAQ: How could an attacker exploit this vulnerability? An unauthorized attacker could exploit

CVE-2023-24905 [HIGH] CWE-284 Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. FAQ: How could an attacker exploit this vulnerability? An attacker could host the malicious .rdp file on a file share, a user accessing the .rdp file from the

CVE-2023-24949 [HIGH] CWE-190 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest So

CVE-2023-24944 [MEDIUM] CWE-843 Windows Bluetooth Driver Information Disclosure Vulnerability Windows Bluetooth Driver Information Disclosure Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this v

CVE-2023-28274 [HIGH] CWE-20 Windows Win32k Elevation of Privilege Vulnerability Windows Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K: Windows Win32K Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Sof

CVE-2023-28235 [MEDIUM] Windows Lock Screen Security Feature Bypass Vulnerability Windows Lock Screen Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the Windows Lock Screen security feature. Windows Lock Screen: Windows Lock Screen Microsoft: Microsoft Customer Action Required: Yes Impact: Security Feature Bypass Exploit Status: P

CVE-2023-28270 [MEDIUM] Windows Lock Screen Security Feature Bypass Vulnerability Windows Lock Screen Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? The authentication feature could be bypassed as this vulnerability allows impersonation. Windows Lock Screen: Windows Lock Screen Microsoft: Microsoft Customer Action Required: Yes Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exp

CVE-2023-28226 [MEDIUM] CWE-347 Windows Enroll Engine Security Feature Bypass Vulnerability Windows Enroll Engine Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. FAQ: Wh

CVE-2023-24871 [HIGH] CWE-190 Windows Bluetooth Service Remote Code Execution Vulnerability Windows Bluetooth Service Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean

CVE-2023-23393 [HIGH] CWE-591 Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker

CVE-2023-21803 [CRITICAL] CWE-190 Windows iSCSI Discovery Service Remote Code Execution Vulnerability Windows iSCSI Discovery Service Remote Code Execution Vulnerability FAQ: How could an attacker exploit the vulnerability? An attacker could exploit the vulnerability by sending a specially crafted malicious DHCP discovery request to the iSCSI Discovery Service on 32-bit machines. An attacker who successfully exploited the vulnerability could then gain the ability to execute code on the target s

CVE-2023-21819 [HIGH] CWE-125 Windows Secure Channel Denial of Service Vulnerability Windows Secure Channel Denial of Service Vulnerability Windows Cryptographic Services: Windows Cryptographic Services Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 Reference: https://suppor

CVE-2023-21676 [HIGH] Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? This vulnerability could be exploited over the network by an authenticated attacker through a low complexity attack on a server configured as the domain controller. Windows LDAP - Lightweight Directory Access Protocol: Windows LDAP - Lightweig

CVE-2023-21733 [HIGH] CWE-122 Windows Bind Filter Driver Elevation of Privilege Vulnerability Windows Bind Filter Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exp

CVE-2023-21551 [HIGH] CWE-416 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Microsoft Cryptographic Services Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Cryptographic Services: Windows Cryptographic Services Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Pri

CVE-2023-21755 [HIGH] CWE-416 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest So

CVE-2023-21771 [HIGH] CWE-591 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker wh

CVE-2023-21724 [HIGH] CWE-416 Microsoft DWM Core Library Elevation of Privilege Vulnerability Microsoft DWM Core Library Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Library: Windows DWM Core Library Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status:

CVE-2023-21539 [HIGH] CWE-125 Windows Authentication Remote Code Execution Vulnerability Windows Authentication Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does th

CVE-2023-21550 [MEDIUM] CWE-20 Windows Cryptographic Information Disclosure Vulnerability Windows Cryptographic Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets. Windows Cryptographic Services: Windows Cryptographic Services Microsoft: Microsoft Customer Action Required: Yes Impact: Information D