Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2023-35387: Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component.

Microsoft Security Response Center
Open in Source
#vulnerability#web#windows#auth#Windows Bluetooth A2DP driver#Security Vulnerability
CVE-2023-38184: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2023-38185: Microsoft Exchange Server Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?** Yes, the attacker must be authenticated.

CVE-2023-38188: Azure Apache Hadoop Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker would have to send the victim a malicious file that the victim would have to execute.

CVE-2023-35394: Azure HDInsight Jupyter Notebook Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker would have to send the victim a malicious file that the victim would have to execute.

CVE-2023-38186: Windows Mobile Device Management Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-35383: Microsoft Message Queuing Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory.

CVE-2023-35393: Azure Apache Hive Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker would have to send the victim a malicious file that the victim would have to execute.

CVE-2023-35386: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-36911: Microsoft Message Queuing Remote Code Execution Vulnerability

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named **Message Queuing** and TCP port 1801 is listening on the machine.