Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2023-36394: Windows Search Service Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#Microsoft Windows Search Component#Security Vulnerability
CVE-2023-36439: Microsoft Exchange Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** For the vulnerability to be exploited, the attacker would need to be authenticated as a valid exchange user.

CVE-2023-36558: ASP.NET Core - Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An unauthenticated attacker could bypass validations on Blazor Server forms.

CVE-2023-38177: Microsoft SharePoint Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In a network-based attack, an authenticated attacker could execute code remotely within the SharePoint Server.

CVE-2023-36007: Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-36017: Windows Scripting Engine Memory Corruption Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.

CVE-2023-36036: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-36043: Open Management Infrastructure Information Disclosure Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** An attacker who successfully exploits this vulnerability could affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component could be different from the impacted component and are managed by different security authorities.

CVE-2023-36402: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-2023-36403: Windows Kernel Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.