Msrc Windows Server 2019 vulnerabilities

CVE-2023-35297 [HIGH] CWE-843 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: According to the CVSS score, the attack

CVE-2023-36884 [HIGH] CWE-362 Windows Search Remote Code Execution Vulnerability Windows Search Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to high loss of confidentiality (C:H), integrity (I:H) and availa

CVE-2023-32084 [HIGH] CWE-476 HTTP.sys Denial of Service Vulnerability HTTP.sys Denial of Service Vulnerability Windows HTTP.sys: Windows HTTP.sys Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference: https://support.microsoft.com/help/5028168 Reference: https://catalog

CVE-2023-33163 [HIGH] CWE-591 Windows Network Load Balancing Remote Code Execution Vulnerability Windows Network Load Balancing Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Successf

CVE-2023-35357 [HIGH] CWE-125 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest So

CVE-2023-35322 [HIGH] CWE-121 Windows Deployment Services Remote Code Execution Vulnerability Windows Deployment Services Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? FAQ: How can attacker successfully exploit this vulnerability? An attacker with user permissions could alter specific variables in the CNTCIR Packet of the WDSMA protocol in order to exploit this vulnerability. For more information about CNTCIR Packet see CNTCIR Packet. Windows Deplo

CVE-2023-35338 [HIGH] CWE-476 Windows Peer Name Resolution Protocol Denial of Service Vulnerability Windows Peer Name Resolution Protocol Denial of Service Vulnerability Windows Peer Name Resolution Protocol: Windows Peer Name Resolution Protocol Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search

CVE-2023-35339 [HIGH] CWE-400 Windows CryptoAPI Denial of Service Vulnerability Windows CryptoAPI Denial of Service Vulnerability Windows CryptoAPI: Windows CryptoAPI Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference: https://support.microsoft.com/help/5028168 Refer

CVE-2023-35306 [MEDIUM] CWE-20 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. Microsoft Printer Drivers: Microsoft Printer Drivers Microsoft: Microsoft Customer Acti

CVE-2023-33172 [MEDIUM] CWE-126 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-32035 [MEDIUM] CWE-125 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-35314 [MEDIUM] CWE-125 Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference:

CVE-2023-32040 [MEDIUM] CWE-822 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. Microsoft Printer Drivers: Microsoft Printer Drivers Microsoft: Microsoft Customer Act

CVE-2023-32037 [MEDIUM] CWE-20 Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is li

CVE-2023-32083 [MEDIUM] CWE-122 Microsoft Failover Cluster Information Disclosure Vulnerability Microsoft Failover Cluster Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnera

CVE-2023-35326 [MEDIUM] CWE-908 Windows CDP User Components Information Disclosure Vulnerability Windows CDP User Components Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows CDP User Components: Windows CDP User Components Microsoft: Microsoft Customer Action Required: Yes Impact: Information Dis

CVE-2023-35308 [MEDIUM] CWE-73 Windows MSHTML Platform Security Feature Bypass Vulnerability Windows MSHTML Platform Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A security feature bypass vulnerability exists wh

CVE-2023-35321 [MEDIUM] CWE-170 Windows Deployment Services Denial of Service Vulnerability Windows Deployment Services Denial of Service Vulnerability Windows Deployment Services: Windows Deployment Services Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference: https://

CVE-2023-35329 [MEDIUM] CWE-400 Windows Authentication Denial of Service Vulnerability Windows Authentication Denial of Service Vulnerability Windows Authentication Methods: Windows Authentication Methods Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 Reference: https://supp

CVE-2023-35345 [MEDIUM] CWE-591 Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this