Msrc Windows Server 2022 vulnerabilities

CVE-2023-36400 [HIGH] CWE-122 Windows HMAC Key Derivation Elevation of Privilege Vulnerability Windows HMAC Key Derivation Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker

CVE-2023-36423 [HIGH] CWE-122 Microsoft Remote Registry Service Remote Code Execution Vulnerability Microsoft Remote Registry Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: How could an attacker exploit this vulnerability? A remote, authenticated attacker who is on

CVE-2023-36395 [HIGH] CWE-190 Windows Deployment Services Denial of Service Vulnerability Windows Deployment Services Denial of Service Vulnerability Windows Deployment Services: Windows Deployment Services Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 Reference: https://support.mi

CVE-2023-36425 [HIGH] CWE-122 Windows Distributed File System (DFS) Remote Code Execution Vulnerability Windows Distributed File System (DFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have both domain user and delegate management permissions on a non-default DFS namespace. FAQ: How could an attacker

CVE-2023-36407 [HIGH] CWE-20 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Hyper-V: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest

CVE-2023-36047 [HIGH] CWE-59 Windows Authentication Elevation of Privilege Vulnerability Windows Authentication Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Authentication Methods: Windows Authentication Methods Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Statu

CVE-2023-36424 [HIGH] CWE-125 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to a High Integrity Level. Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Cu

CVE-2023-36427 [HIGH] Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Real-world exploitability of this attack is very low. Successful e

CVE-2023-36394 [HIGH] CWE-59 Windows Search Service Elevation of Privilege Vulnerability Windows Search Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability

CVE-2023-36033 [HIGH] CWE-822 Windows DWM Core Library Elevation of Privilege Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Library: Windows DWM Core Library Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publ

CVE-2023-36036 [HIGH] CWE-122 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Cloud Files Mini Filter Driver: Windows Cloud Files Mini Filter Driver Microsoft: Microsoft Customer Action Required: Y

CVE-2023-36017 [HIGH] CWE-843 Windows Scripting Engine Memory Corruption Vulnerability Windows Scripting Engine Memory Corruption Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this s

CVE-2023-36705 [HIGH] CWE-59 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Installer: Windows Installer Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:N

CVE-2023-36403 [HIGH] CWE-591 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an at

CVE-2023-36404 [MEDIUM] CWE-284 Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is values of registry keys the attacker does not have permissions to view. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Information Discl

CVE-2023-36406 [MEDIUM] CWE-20 Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. Windows Hyper-V: Windows Hyper-V Microsoft: Microsoft Customer Action R

CVE-2023-36428 [MEDIUM] CWE-125 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Windows Authentication Methods: Windows Authentication Methods Microsoft: Microsoft Customer Ac

CVE-2023-36398 [MEDIUM] CWE-908 Windows NTFS Information Disclosure Vulnerability Windows NTFS Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. FAQ: According to the CVSS metric, successful exploitation could lead to a s

CVE-2023-35349 [CRITICAL] CWE-20 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Explo

CVE-2023-36434 [CRITICAL] CWE-307 Windows IIS Server Elevation of Privilege Vulnerability Windows IIS Server Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? In a network-based attack, an attacker could brute force user account passwords to log in as that user. Microsoft encourages the use of strong passwords that are more difficult for an attacker to brute force. FAQ: Why is the severity for this CVE rated as Important, but the CVSS score is 9.8? The