Msrc Windows 11 Version 22H2 vulnerabilities

CVE-2023-24929 [HIGH] CWE-843 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. Microsoft Printer Drivers: Microsoft Printer Drivers Microsoft: Microsoft Customer Action R

CVE-2023-24928 [HIGH] CWE-122 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The a

CVE-2023-28236 [HIGH] CWE-591 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows ALPC: Windows ALPC Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Softwa

CVE-2023-28297 [HIGH] CWE-416 Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: How could an attacker exploit this vulnerability? A locally authenticated attacker could exploit this vulnerab

CVE-2023-28272 [HIGH] CWE-191 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest So

CVE-2023-21769 [HIGH] CWE-125 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 Reference: https://

CVE-2023-24926 [HIGH] CWE-122 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. Microsoft Printer Drivers: Microsoft Printer Drivers Microsoft: Microsoft Customer Action R

CVE-2023-28232 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: According to the CVSS metric, user interaction

CVE-2023-24925 [HIGH] CWE-416 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. Microsoft Printer Drivers: Microsoft Printer Drivers Microsoft: Microsoft Customer Action R

CVE-2023-24927 [HIGH] CWE-843 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The a

CVE-2023-28273 [HIGH] CWE-591 Windows Clip Service Elevation of Privilege Vulnerability Windows Clip Service Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this

CVE-2023-28248 [HIGH] CWE-190 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:

CVE-2023-28241 [HIGH] Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Windows Secure Socket Tunneling Protocol (SSTP): Windows Secure Socket Tunneling Protocol (SSTP) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.upd

CVE-2023-24912 [HIGH] CWE-122 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit

CVE-2023-28302 [HIGH] CWE-20 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Active Directory: Windows Active Directory Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 Reference: https:/

CVE-2023-28224 [HIGH] CWE-591 Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user would need to dial a PPPoE connection at the same time an attacker was attempting to exploit the vulnerability. FAQ: According to the CVSS metric, the attack complex

CVE-2023-28238 [HIGH] CWE-591 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Internet Key Exchange (IKE) Protocol: Windows Internet Key Exchange

CVE-2023-28222 [HIGH] CWE-59 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on a

CVE-2023-24924 [HIGH] CWE-125 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. Microsoft Printer Drivers: Microsoft Printer Drivers Microsoft: Microsoft Customer Action R

CVE-2023-28243 [HIGH] CWE-843 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. Microsoft PostScript Printer Driver: Microsoft PostScript Printer Driver Microsoft: Microsof