MSRC Windows Server 2022 vulnerabilities

2,339 known vulnerabilities affecting msrc/windows_server_2022.

Total CVEs: 2,339
CISA KEV: 88 (actively exploited)
Public exploits: 38
Exploited in wild: 65
Severity breakdown: CRITICAL 52, HIGH 1626, MEDIUM 652, LOW 9

Vulnerabilities

Page 98 of 117
CVE-2023-21549 | HIGH | CVSS 8.8 | 2023-01-10
CVE-2023-21549 [HIGH] CWE-285 Windows SMB Witness Service Elevation of Privilege Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host. This could result in elevation of privilege on the server. FAQ: What privileges could be gained by an attacker who successfully exploited the vulne
msrc
CVE-2023-21733 | HIGH | CVSS 7.0 | 2023-01-10
CVE-2023-21733 [HIGH] CWE-122 Windows Bind Filter Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exp
msrc
CVE-2023-21683 | HIGH | CVSS 7.5 | 2023-01-10
CVE-2023-21683 [HIGH] CWE-476 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows IKE Extension: Windows IKE Extension Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502228
msrc
CVE-2023-21524 | HIGH | CVSS 7.8 | 2023-01-10
CVE-2023-21524 [HIGH] CWE-798 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could impersonate the group Managed Service Account (gMSA) to perform actions or access resources over the network. Windows Local Security Authority (LSA): Wind
msrc
CVE-2023-21551 | HIGH | CVSS 7.8 | 2023-01-10
CVE-2023-21551 [HIGH] CWE-416 Microsoft Cryptographic Services Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Cryptographic Services: Windows Cryptographic Services Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Pri
msrc
CVE-2023-21547 | HIGH | CVSS 7.5 | 2023-01-10
CVE-2023-21547 [HIGH] CWE-476 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Windows Internet Key Exchange (IKE) Protocol: Windows Internet Key Exchange (IKE) Protocol Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7
msrc
CVE-2023-21674 | HIGH | CVSS 8.8 | KEV | 2023-01-10
CVE-2023-21674 [HIGH] CWE-416 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a browser sandbox escape. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An at
msrc
CVE-2023-21558 | HIGH | CVSS 7.8 | 2023-01-10
CVE-2023-21558 [HIGH] CWE-20 Windows Error Reporting Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. Windows Error Reporting: Windows Error Reporting Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Priv
msrc
CVE-2023-21767 | HIGH | CVSS 7.8 | 2023-01-10
CVE-2023-21767 [HIGH] CWE-20 Windows Overlay Filter Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Overlay Filter: Windows Overlay Filter Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disc
msrc
CVE-2023-21758 | HIGH | CVSS 7.5 | 2023-01-10
CVE-2023-21758 [HIGH] CWE-476 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows IKE Extension: Windows IKE Extension Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.upd
msrc
CVE-2023-21712 | HIGH | CVSS 8.1 | 2023-01-10
CVE-2023-21712 [HIGH] CWE-362 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a special
msrc
CVE-2023-21771 | HIGH | CVSS 7.0 | 2023-01-10
CVE-2023-21771 [HIGH] CWE-591 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker wh
msrc
CVE-2023-21724 | HIGH | CVSS 7.8 | 2023-01-10
CVE-2023-21724 [HIGH] CWE-416 Microsoft DWM Core Library Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Library: Windows DWM Core Library Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status:
msrc
CVE-2023-21539 | HIGH | CVSS 7.5 | 2023-01-10
CVE-2023-21539 [HIGH] CWE-125 Windows Authentication Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does th
msrc
CVE-2023-21535 | HIGH | CVSS 8.1 | 2023-01-10
CVE-2023-21535 [HIGH] CWE-591 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. FAQ: According to the CVSS metric, the a
msrc
CVE-2023-21550 | MEDIUM | CVSS 5.5 | 2023-01-10
CVE-2023-21550 [MEDIUM] CWE-20 Windows Cryptographic Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets. Windows Cryptographic Services: Windows Cryptographic Services Microsoft: Microsoft Customer Action Required: Yes Impact: Information D
msrc
CVE-2023-21536 | MEDIUM | CVSS 4.7 | 2023-01-10
CVE-2023-21536 [MEDIUM] CWE-125 Event Tracing for Windows Information Disclosure Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attac
msrc
CVE-2023-21559 | MEDIUM | CVSS 5.5 | 2023-01-10
CVE-2023-21559 [MEDIUM] CWE-20 Windows Cryptographic Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets. Windows Cryptographic Services: Windows Cryptographic Services Microsoft: Microsoft Customer Action Required: Yes Impact: Information D
msrc
CVE-2023-21540 | MEDIUM | CVSS 5.5 | 2023-01-10
CVE-2023-21540 [MEDIUM] CWE-20 Windows Cryptographic Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets. Windows Cryptographic Services: Windows Cryptographic Services Microsoft: Microsoft Customer Action Required: Yes Impact: Information D
msrc
CVE-2023-21766 | MEDIUM | CVSS 4.7 | 2023-01-10
CVE-2023-21766 [MEDIUM] CWE-591 Windows Overlay Filter Information Disclosure Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker su
msrc