MSRC Windows Server 2008 R2 vulnerabilities

2,474 known vulnerabilities affecting msrc/windows_server_2008_r2.

Total CVEs: 2,474
CISA KEV: 111 (actively exploited)
Public exploits: 175
Exploited in wild: 107
Severity breakdown: CRITICAL 55, HIGH 1697, MEDIUM 701, LOW 21

Vulnerabilities

Page 43 of 124
CVE-2023-21811 | HIGH | CVSS 7.5 | 2023-02-14
CVE-2023-21811 [HIGH] CWE-126 Windows iSCSI Service Denial of Service Vulnerability Windows iSCSI Service Denial of Service Vulnerability Windows iSCSI: Windows iSCSI Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 Reference: https://support.microsoft.com/help/5022840 Refere
msrc
CVE-2023-21685 | HIGH | CVSS 8.8 | 2023-02-14
CVE-2023-21685 [HIGH] CWE-20 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to ex
msrc
CVE-2023-21812 | HIGH | CVSS 7.8 | 2023-02-14
CVE-2023-21812 [HIGH] CWE-122 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Customer Action Required: Yes
msrc
CVE-2023-21805 | HIGH | CVSS 7.8 | 2023-02-14
CVE-2023-21805 [HIGH] CWE-77 Windows MSHTML Platform Remote Code Execution Vulnerability Windows MSHTML Platform Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when
msrc
CVE-2023-21822 | HIGH | CVSS 7.8 | 2023-02-14
CVE-2023-21822 [HIGH] CWE-416 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K: Windows Win32K Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:N
msrc
CVE-2023-21684 | HIGH | CVSS 8.8 | 2023-02-14
CVE-2023-21684 [HIGH] CWE-191 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could send a specially crafted file to a shared printer. This could result in arbitrary code execution on the system that is sharing the printer. Microsoft PostScript Printer Driver: Microsoft PostScript Printer D
msrc
CVE-2023-21798 | HIGH | CVSS 8.8 | 2023-02-14
CVE-2023-21798 [HIGH] CWE-125 Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC
msrc
CVE-2023-21817 | HIGH | CVSS 7.8 | 2023-02-14
CVE-2023-21817 [HIGH] CWE-287 Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kerberos: Windows Kerberos Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;L
msrc
CVE-2023-21691 | HIGH | CVSS 7.5 | 2023-02-14
CVE-2023-21691 [HIGH] CWE-125 Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. FAQ: How could an attacker exploit this vulnerability? An authentica
msrc
CVE-2023-21801 | HIGH | CVSS 7.8 | 2023-02-14
CVE-2023-21801 [HIGH] Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack it
msrc
CVE-2023-21820 | HIGH | CVSS 7.4 | 2023-02-14
CVE-2023-21820 [HIGH] CWE-126 Windows Distributed File System (DFS) Remote Code Execution Vulnerability Windows Distributed File System (DFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack. FAQ: According to the CVSS metric, user interact
msrc
CVE-2023-21701 | HIGH | CVSS 7.5 | 2023-02-14
CVE-2023-21701 [HIGH] CWE-126 Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability Windows Protected EAP (PEAP): Windows Protected EAP (PEAP) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.updat
msrc
CVE-2023-21702 | HIGH | CVSS 7.5 | 2023-02-14
CVE-2023-21702 [HIGH] CWE-125 Windows iSCSI Service Denial of Service Vulnerability Windows iSCSI Service Denial of Service Vulnerability Windows iSCSI: Windows iSCSI Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 Reference: https://support.microsoft.com/help/5022840 Refere
msrc
CVE-2023-21818 | HIGH | CVSS 7.5 | 2023-02-14
CVE-2023-21818 [HIGH] CWE-20 Windows Secure Channel Denial of Service Vulnerability Windows Secure Channel Denial of Service Vulnerability Windows SChannel: Windows SChannel Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 Refere
msrc
CVE-2023-21802 | HIGH | CVSS 7.8 | 2023-02-14
CVE-2023-21802 [HIGH] CWE-190 Windows Media Remote Code Execution Vulnerability Windows Media Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates
msrc
CVE-2023-21799 | HIGH | CVSS 8.8 | 2023-02-14
CVE-2023-21799 [HIGH] CWE-122 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to e
msrc
CVE-2023-21813 | HIGH | CVSS 7.5 | 2023-02-14
CVE-2023-21813 [HIGH] CWE-126 Windows Secure Channel Denial of Service Vulnerability Windows Secure Channel Denial of Service Vulnerability Windows Cryptographic Services: Windows Cryptographic Services Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Se
msrc
CVE-2023-21816 | HIGH | CVSS 7.5 | 2023-02-14
CVE-2023-21816 [HIGH] CWE-20 Windows Active Directory Domain Services API Denial of Service Vulnerability Windows Active Directory Domain Services API Denial of Service Vulnerability Windows Active Directory: Windows Active Directory Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502
msrc
CVE-2023-21700 | HIGH | CVSS 7.5 | 2023-02-14
CVE-2023-21700 [HIGH] CWE-476 Windows iSCSI Discovery Service Denial of Service Vulnerability Windows iSCSI Discovery Service Denial of Service Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability? An attacker could impact availability of the service resulting in Denial of Service (DoS). Windows iSCSI: Windows iSCSI Microsoft: Microsoft Customer Action Required
msrc
CVE-2023-21686 | HIGH | CVSS 8.8 | 2023-02-14
CVE-2023-21686 [HIGH] CWE-190 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to e
msrc