Msrc Windows Server 2012 vulnerabilities

CVE-2023-36903 [HIGH] CWE-59 Windows System Assessment Tool Elevation of Privilege Vulnerability Windows System Assessment Tool Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. Windows System Assessment Tool: Windows System Assessment Tool Microsoft: Microsoft Customer Action Required: Yes Impact: Eleva

CVE-2023-38172 [HIGH] CWE-126 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029247 Reference: https://

CVE-2023-36913 [MEDIUM] CWE-908 Microsoft Message Queuing Information Disclosure Vulnerability Microsoft Message Queuing Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. FAQ: According to the CVSS met

CVE-2023-35377 [MEDIUM] CWE-20 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which cou

CVE-2023-36908 [MEDIUM] CWE-200 Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability FAQ: According to the CVSS metric, the Hyper-V attack vector is adjacent (AV:A). What does that mean for this vulnerability? Where the attack vector metric is Adjacent (A), this represents virtual machines connected via a Hyper-V Network Virtualization (HNV) logical network. This configuration forms an isolation boundary where the virtual machines within the

CVE-2023-35376 [MEDIUM] CWE-20 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which cou

CVE-2023-36906 [MEDIUM] CWE-170 Windows Cryptographic Services Information Disclosure Vulnerability Windows Cryptographic Services Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: How could an attacker exploit this vulnerability? For successful exploitation, a locally authenticated attacker needs to send a specially cra

CVE-2023-36889 [MEDIUM] CWE-284 Windows Group Policy Security Feature Bypass Vulnerability Windows Group Policy Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An authenticated attacker who successfully exploited this vulnerability could read specific Group Policy configuration settings. Windows Group Policy: Windows Group Policy Microsoft: Microsoft Customer Action Required: Yes Impact: Security Featu

CVE-2023-36909 [MEDIUM] CWE-191 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which co

CVE-2023-36907 [MEDIUM] CWE-170 Windows Cryptographic Services Information Disclosure Vulnerability Windows Cryptographic Services Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: How could an attacker exploit this vulnerability? For successful exploitation, a locally authenticated attacker needs to send a specially cra

CVE-2023-38254 [MEDIUM] CWE-20 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which cou

CVE-2023-35367 [CRITICAL] CWE-20 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running. Windows Routing and Remote Access Service (RRAS): Windows Routing and Remote

CVE-2023-35366 [CRITICAL] CWE-20 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running. Windows Routing and Remote Access Service (RRAS): Windows Routing and Remote

CVE-2023-32057 [CRITICAL] CWE-20 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side. Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action

CVE-2023-35365 [CRITICAL] CWE-20 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running. Windows Routing and Remote Access Service (RRAS): Windows Routing and Remote

CVE-2023-35340 [HIGH] CWE-591 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Windows CNG Key Isolation Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

CVE-2023-35350 [HIGH] CWE-122 Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker with Certificate Authority (CA) read access permissions can send a specially crafted request to a vulnerable Certificate Server. By default, only domain administrators are granted CA read access. Windows Active Directory

CVE-2023-36874 [HIGH] CWE-59 Windows Error Reporting Service Elevation of Privilege Vulnerability Windows Error Reporting Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. FAQ: According to the CVSS metrics, the attack vector is local (AV:L) and privilege required is low (PR:L). What does that mean for this v

CVE-2023-32044 [HIGH] CWE-125 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference: https://

CVE-2023-32054 [HIGH] CWE-36 Volume Shadow Copy Elevation of Privilege Vulnerability Volume Shadow Copy Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would gain the rights of the user that is running the affected application. FAQ: According to the CVSS metrics, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authenticate