MSRC Windows Server 2022 23H2 Edition vulnerabilities

1,038 known vulnerabilities affecting msrc/windows_server_2022_23h2_edition.

Total CVEs: 1,038
CISA KEV: 33 (actively exploited)
Public exploits: 14
Exploited in wild: 16
Severity breakdown: CRITICAL 12, HIGH 696, MEDIUM 326, LOW 4

Vulnerabilities

CVE-2023-36028 | CRITICAL | CVSS 9.8 | 2023-11-14
CVE-2023-36028 [CRITICAL] CWE-122 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network. Windows Protected EAP (PEAP): W
msrc
CVE-2023-36405 | HIGH | CVSS 7.0 | 2023-11-14
CVE-2023-36405 [HIGH] CWE-362 Windows Kernel Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an at
msrc
CVE-2023-24023 | HIGH | CVSS 6.8 | 2023-11-14
CVE-2023-24023 [MEDIUM] CWE-326 Mitre: CVE-2023-24023 Bluetooth Vulnerability. Description: Microsoft is aware of the Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that enforces the use of BR/EDR Secure Connections defined encryption and authentic
msrc
CVE-2023-36408 | HIGH | CVSS 7.8 | 2023-11-14
CVE-2023-36408 [HIGH] CWE-122 Windows Hyper-V Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: How could an attacker exploit this vulnerability? This vulnerability would require an unauthenticated attacker on a guest VM to send specially crafted file operation requ
msrc
CVE-2023-36046 | HIGH | CVSS 7.1 | 2023-11-14
CVE-2023-36046 [HIGH] CWE-59 Windows Authentication Denial of Service Vulnerability. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N) but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploits this vulnerability cannot access existing files (C:N) but can write or overwrite file contents
msrc
CVE-2023-36399 | HIGH | CVSS 7.1 | 2023-11-14
CVE-2023-36399 [HIGH] CWE-59 Windows Storage Elevation of Privilege Vulnerability. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data th
msrc
CVE-2023-36392 | HIGH | CVSS 7.5 | 2023-11-14
CVE-2023-36392 [HIGH] CWE-126 DHCP Server Service Denial of Service Vulnerability. Windows DHCP Server: Windows DHCP Server Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 Reference: https://support.microsoft.com/help/5032196 Refere
msrc
CVE-2023-36400 | HIGH | CVSS 8.8 | 2023-11-14
CVE-2023-36400 [HIGH] CWE-122 Windows HMAC Key Derivation Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker
msrc
CVE-2023-36395 | HIGH | CVSS 7.5 | 2023-11-14
CVE-2023-36395 [HIGH] CWE-190 Windows Deployment Services Denial of Service Vulnerability. Windows Deployment Services: Windows Deployment Services Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 Reference: https://support.mi
msrc
CVE-2023-36407 | HIGH | CVSS 7.8 | 2023-11-14
CVE-2023-36407 [HIGH] CWE-20 Windows Hyper-V Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Hyper-V: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed: No; Exploited: No; Latest
msrc
CVE-2023-36047 | HIGH | CVSS 7.8 | 2023-11-14
CVE-2023-36047 [HIGH] CWE-59 Windows Authentication Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Authentication Methods: Windows Authentication Methods Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Statu
msrc
CVE-2023-36427 | HIGH | CVSS 7.0 | 2023-11-14
CVE-2023-36427 [HIGH] Windows Hyper-V Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Real-world exploitability of this attack is very low. Successful e
msrc
CVE-2023-36033 | HIGH | CVSS 7.8 | KEV | 2023-11-14
CVE-2023-36033 [HIGH] CWE-822 Windows DWM Core Library Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Library: Windows DWM Core Library Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publ
msrc
CVE-2023-36017 | HIGH | CVSS 8.8 | 2023-11-14
CVE-2023-36017 [HIGH] CWE-843 Windows Scripting Engine Memory Corruption Vulnerability. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this s
msrc
CVE-2023-36404 | MEDIUM | CVSS 5.5 | 2023-11-14
CVE-2023-36404 [MEDIUM] CWE-284 Windows Kernel Information Disclosure Vulnerability. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is values of registry keys the attacker does not have permissions to view. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Information Discl
msrc
CVE-2023-36406 | MEDIUM | CVSS 5.5 | 2023-11-14
CVE-2023-36406 [MEDIUM] CWE-20 Windows Hyper-V Information Disclosure Vulnerability. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. Windows Hyper-V: Windows Hyper-V Microsoft: Microsoft Customer Action R
msrc
CVE-2023-36398 | MEDIUM | CVSS 6.5 | 2023-11-14
CVE-2023-36398 [MEDIUM] CWE-908 Windows NTFS Information Disclosure Vulnerability. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. FAQ: According to the CVSS metric, successful exploitation could lead to a s
msrc
CVE-2021-45985 | MEDIUM | CVSS 5.5 | 2023-04-11
CVE-2021-45985 [HIGH] CWE-1395 Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read. NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2021-45985 Description: This CVE was assigned by Mitre. Some Microsoft products consume Lua open-source software. The purpose of this document is to attest to the fact that the products listed in the Security Updates table hav
msrc