Msrc Windows Server 2019 vulnerabilities

CVE-2023-35312 [HIGH] CWE-190 Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. Windows VOLSNAP.SYS: Windows VOLSNAP.SYS Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Discl

CVE-2023-35313 [HIGH] CWE-416 Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution

CVE-2023-35361 [HIGH] CWE-362 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an at

CVE-2023-35343 [HIGH] CWE-426 Windows Geolocation Service Remote Code Execution Vulnerability Windows Geolocation Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For examp

CVE-2023-35330 [HIGH] CWE-126 Windows Extended Negotiation Denial of Service Vulnerability Windows Extended Negotiation Denial of Service Vulnerability Windows SPNEGO Extended Negotiation: Windows SPNEGO Extended Negotiation Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Ref

CVE-2023-32046 [HIGH] Windows MSHTML Platform Elevation of Privilege Vulnerability Windows MSHTML Platform Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would gain the rights of the user that is running the affected application. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a u

CVE-2023-35300 [HIGH] CWE-416 Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime. Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status

CVE-2023-35363 [HIGH] CWE-122 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest So

CVE-2023-35328 [HIGH] CWE-197 Windows Transaction Manager Elevation of Privilege Vulnerability Windows Transaction Manager Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Transaction Manager: Windows Transaction Manager Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit

CVE-2023-35352 [HIGH] Windows Remote Desktop Security Feature Bypass Vulnerability Windows Remote Desktop Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass certificate or private key authentication when establishing a remote desktop protocol session. Windows Remote Desktop: Windows Remote Desktop Microsoft: Microsoft Customer Action Req

CVE-2023-35362 [HIGH] CWE-591 Windows Clip Service Elevation of Privilege Vulnerability Windows Clip Service Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the

CVE-2023-35353 [HIGH] CWE-59 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Connected User Experiences and Telemetry Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Connected User Experiences and Telemetry: Windows Connected User Experiences and Telemetry Microsoft: Microsoft Cust

CVE-2023-35317 [HIGH] CWE-502 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. Windows Server Update Service: Windows Server Update Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elev

CVE-2023-35302 [HIGH] CWE-122 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. Microsoft Printer Drivers: Microsoft Printer Drivers Microsoft: Microsoft Customer Action R

CVE-2023-35309 [HIGH] CWE-591 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To successfully exploit this vulnerability, the target server must be configured to allow remote activation of the COM object. In addition, the attacker must have sufficient user privileges on that server. FAQ: According to the CVSS metric, the attack complexity is high (AC:

CVE-2023-32049 [HIGH] Windows SmartScreen Security Feature Bypass Vulnerability Windows SmartScreen Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? The attacker would be able to bypass the Open File - Security Warning prompt. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be comp

CVE-2023-35356 [HIGH] CWE-843 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest So

CVE-2023-32038 [HIGH] CWE-416 Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC

CVE-2023-35315 [HIGH] CWE-190 Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack. FAQ: How could an attacker exploit this vulnerab

CVE-2023-35360 [HIGH] CWE-591 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an at