Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2023-29011: GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#microsoft#git#Visual Studio#Security Vulnerability
CVE-2023-25652: GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in mingit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2023-29007: GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit`

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in mingit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2023-29362: Remote Desktop Client Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

CVE-2023-29361: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2023-29351: Windows Group Policy Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

CVE-2023-29346: NTFS Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain administrator privileges.

CVE-2023-29358: Windows GDI Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain administrator privileges.

CVE-2023-29352: Windows Remote Desktop Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.