Tag

#Security Vulnerability

CVE-2023-36019: Microsoft Power Platform Connector Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

Microsoft Security Response Center

CVE-2023-36020: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-36005: Windows Telephony Server Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2023-35624: Azure Connected Machine Agent Elevation of Privilege Vulnerability

**According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?** A non-admin local user who has sufficient permissions to create symbolic links on a Windows computer that has Azure Connected Machine Agent installed (or before the agent is installed) could create links from a directory used by the agent to other privileged files on the computer. If the administrator later installs virtual machine extensions on the machine, those files could be deleted.

CVE-2023-35619: Microsoft Outlook for Mac Spoofing Vulnerability

**What is the nature of the spoofing?** An attacker could appear as a trusted user when they should not be. This could cause a user to mistakenly trust a signed email message as if it came from a legitimate user.

CVE-2023-36391: Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-36696: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-6512: Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

**How can I see the version of the browser?**

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on **Help and Feedback**
3. Click on **About Microsoft Edge**

CVE-2023-6511: Chromium: CVE-2023-6511 Inappropriate implementation in Autofill

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

**How can I see the version of the browser?**

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on **Help and Feedback**
3. Click on **About Microsoft Edge**