Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2023-35325: Windows Print Spooler Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Microsoft Security Response Center
Open in Source
#vulnerability#web#windows#microsoft#Windows Print Spooler Components#Security Vulnerability
CVE-2023-35326: Windows CDP User Components Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

CVE-2023-35328: Windows Transaction Manager Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-35331: Windows Local Security Authority (LSA) Denial of Service Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.

CVE-2023-35320: Connected User Experiences and Telemetry Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-35322: Windows Deployment Services Remote Code Execution Vulnerability

**How can attacker successfully exploit this vulnerability?** An attacker with user permissions could alter specific variables in the CNTCIR Packet of the WDSMA protocol in order to exploit this vulnerability. For more information about CNTCIR Packet see CNTCIR Packet.

CVE-2023-35347: Microsoft Install Service Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-35341: Microsoft DirectMusic Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-35340: Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2023-35346: Windows DNS Server Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.