Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2023-24907: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#rce#auth#Microsoft PostScript Printer Driver#Security Vulnerability
CVE-2023-23383: Service Fabric Explorer Spoofing Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** The vulnerability is in the web client, but the malicious scripts executed in the victim’s browser translate into actions executed in the (remote) cluster.

CVE-2023-24892: Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-24913: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

CVE-2023-22743: GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2023-23946: GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in mingit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2023-23618: GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2023-24911: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-24910: Windows Graphics Component Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-24909: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.