Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2023-36888: Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?** The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.

Microsoft Security Response Center
Open in Source
#vulnerability#web#android#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2023-36887: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

CVE-2023-36883: Microsoft Edge for iOS Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-36887: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

CVE-2023-36883: Microsoft Edge for iOS Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-36888: Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?** The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.

CVE-2023-32049: Windows SmartScreen Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-32054: Volume Shadow Copy Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** The attacker would gain the rights of the user that is running the affected application.

CVE-2023-21756: Windows Win32k Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-29347: Windows Admin Center Spoofing Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.