Msrc Windows 11 Version 21H2 vulnerabilities

CVE-2023-36882 [HIGH] CWE-416 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: O

CVE-2023-35387 [HIGH] CWE-191 Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack. FAQ: How could an attacker exploit this vulnerability? An auth

CVE-2023-35381 [HIGH] CWE-190 Windows Fax Service Remote Code Execution Vulnerability Windows Fax Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open

CVE-2023-36903 [HIGH] CWE-59 Windows System Assessment Tool Elevation of Privilege Vulnerability Windows System Assessment Tool Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. Windows System Assessment Tool: Windows System Assessment Tool Microsoft: Microsoft Customer Action Required: Yes Impact: Eleva

CVE-2023-38172 [HIGH] CWE-126 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029247 Reference: https://

CVE-2023-36913 [MEDIUM] CWE-908 Microsoft Message Queuing Information Disclosure Vulnerability Microsoft Message Queuing Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. FAQ: According to the CVSS met

CVE-2023-35384 [MEDIUM] CWE-73 Windows HTML Platforms Security Feature Bypass Vulnerability Windows HTML Platforms Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A security feature bypass vulnerability exists when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security

CVE-2023-35377 [MEDIUM] CWE-20 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which cou

CVE-2023-36908 [MEDIUM] CWE-200 Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability FAQ: According to the CVSS metric, the Hyper-V attack vector is adjacent (AV:A). What does that mean for this vulnerability? Where the attack vector metric is Adjacent (A), this represents virtual machines connected via a Hyper-V Network Virtualization (HNV) logical network. This configuration forms an isolation boundary where the virtual machines within the

CVE-2023-35376 [MEDIUM] CWE-20 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which cou

CVE-2023-36906 [MEDIUM] CWE-170 Windows Cryptographic Services Information Disclosure Vulnerability Windows Cryptographic Services Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: How could an attacker exploit this vulnerability? For successful exploitation, a locally authenticated attacker needs to send a specially cra

CVE-2023-36889 [MEDIUM] CWE-284 Windows Group Policy Security Feature Bypass Vulnerability Windows Group Policy Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An authenticated attacker who successfully exploited this vulnerability could read specific Group Policy configuration settings. Windows Group Policy: Windows Group Policy Microsoft: Microsoft Customer Action Required: Yes Impact: Security Featu

CVE-2023-36909 [MEDIUM] CWE-191 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which co

CVE-2023-36907 [MEDIUM] CWE-170 Windows Cryptographic Services Information Disclosure Vulnerability Windows Cryptographic Services Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: How could an attacker exploit this vulnerability? For successful exploitation, a locally authenticated attacker needs to send a specially cra

CVE-2023-38254 [MEDIUM] CWE-20 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which cou

CVE-2023-36905 [MEDIUM] CWE-125 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vul

CVE-2023-35367 [CRITICAL] CWE-20 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running. Windows Routing and Remote Access Service (RRAS): Windows Routing and Remote

CVE-2023-35366 [CRITICAL] CWE-20 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running. Windows Routing and Remote Access Service (RRAS): Windows Routing and Remote

CVE-2023-32057 [CRITICAL] CWE-20 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side. Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action

CVE-2023-35365 [CRITICAL] CWE-20 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running. Windows Routing and Remote Access Service (RRAS): Windows Routing and Remote