Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2023-36423: Microsoft Remote Registry Service Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires the attacker must be an authenticated user on the network who is a member of the performance log users group. Although this group defaults to only Administrators, it is possible for an Administrator to add other standard users to this group.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#rce#auth#Microsoft Remote Registry Service#Security Vulnerability
CVE-2023-36427: Windows Hyper-V Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-36428: Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

CVE-2023-36705: Windows Installer Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-36719: Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-36425: Windows Distributed File System (DFS) Remote Code Execution Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

CVE-2023-36424: Windows Common Log File System Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to a High Integrity Level.

CVE-2023-36410: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-36560: ASP.NET Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** The attacker would be able to bypass the security checks that prevents an attacker from accessing internal applications in a website.

CVE-2023-36413: Microsoft Office Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.