Msrc Windows 11 Version 22H2 vulnerabilities

CVE-2023-35318 [MEDIUM] CWE-125 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-35296 [MEDIUM] CWE-125 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Microsoft Printer Drivers: Microsoft Printer Drivers Microsoft: Microsoft Customer Action Required: Yes

CVE-2023-33164 [MEDIUM] CWE-125 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-35341 [MEDIUM] CWE-190 Microsoft DirectMusic Information Disclosure Vulnerability Microsoft DirectMusic Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Media: Windows Media Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:N

CVE-2023-33174 [MEDIUM] CWE-200 Windows Cryptographic Information Disclosure Vulnerability Windows Cryptographic Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Cryptographic Services: Windows Cryptographic Services Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status:

CVE-2023-36871 [MEDIUM] Azure Active Directory Security Feature Bypass Vulnerability Azure Active Directory Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker can bypass Windows Trusted Platform Module by crafting an assertion and using the assertion to request a Primary Refresh Token from another device. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean fo

CVE-2023-35336 [MEDIUM] CWE-20 Windows MSHTML Platform Security Feature Bypass Vulnerability Windows MSHTML Platform Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability? An attacker who successfully exploits the vulnerability could craft a malicious URL that would evade zone checks, resulting in a limited lo

CVE-2023-32039 [MEDIUM] CWE-125 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. Microsoft Printer Drivers: Microsoft Printer Drivers Microsoft: Microsoft Customer Act

CVE-2023-35324 [MEDIUM] CWE-126 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Microsoft Printer Drivers: Microsoft Printer Drivers Microsoft: Microsoft Customer Action Required: Yes

CVE-2023-33167 [MEDIUM] CWE-126 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-33166 [MEDIUM] CWE-126 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-35332 [MEDIUM] CWE-326 Windows Remote Desktop Protocol Security Feature Bypass Windows Remote Desktop Protocol Security Feature Bypass FAQ: What security feature is bypassed with this vulnerability? The RDP Gateway protocol is enforcing the usage of Datagram Transport Layer Security (DTLS) version 1.0, which is a deprecated (RFC 8996) protocol with known vulnerabilities. An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could comprom

CVE-2023-32085 [MEDIUM] CWE-126 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker with normal user permissions could use the Microsoft PS Class Driver to print a malicious XPS file, which could enable an information disclosure attack on the machine. Please see Standard XPS Filters for more i

CVE-2023-32043 [MEDIUM] CWE-327 Windows Remote Desktop Security Feature Bypass Vulnerability Windows Remote Desktop Security Feature Bypass Vulnerability FAQ: What security feature is being bypassed? An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could bypass the certificate validation performed when a targeted user connects to a trusted server. Windows Remote Desktop: Windows Remote Desktop Microsoft: Microsoft Customer Action Required

CVE-2023-33168 [MEDIUM] CWE-126 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-32055 [MEDIUM] CWE-416 Active Template Library Elevation of Privilege Vulnerability Active Template Library Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: What privileges could be gained by an attacker who successfully exploit

CVE-2023-32034 [MEDIUM] CWE-125 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-32042 [MEDIUM] CWE-908 OLE Automation Information Disclosure Vulnerability OLE Automation Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows OLE: Windows OLE Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:N

CVE-2023-35319 [MEDIUM] CWE-125 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-32041 [MEDIUM] CWE-908 Windows Update Orchestrator Service Information Disclosure Vulnerability Windows Update Orchestrator Service Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows Update Orchestrator Service: Windows Update Orchestrator Service Microsoft: Microsoft Customer Action Requir