
Tag

#microsoft

CVE-2023-38177: Microsoft SharePoint Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In a network-based attack, an authenticated attacker could execute code remotely within the SharePoint Server.

Microsoft Security Response Center

CVE-2023-36007: Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-36439: Microsoft Exchange Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** For the vulnerability to be exploited, the attacker would need to be authenticated as a valid Exchange user.

CVE-2023-36422: Microsoft Windows Defender Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-36423: Microsoft Remote Registry Service Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires that the attacker be an authenticated user on the network who is a member of the performance log users group. Although this group defaults to only Administrators, it is possible for an Administrator to add other standard users to this group.

CVE-2023-36428: Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

CVE-2023-36719: Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-36410: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-36413: Microsoft Office Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

CVE-2023-38151: Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target machine if the victim connects to the attacker's malicious DB2 server and they execute a specially crafted query.