Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2023-23409: Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#Client Server Run-time Subsystem (CSRSS)#Security Vulnerability
CVE-2023-23410: Windows HTTP.sys Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-23413: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

CVE-2023-23392: HTTP Protocol Stack Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.

CVE-2023-21708: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

CVE-2023-23405: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

CVE-2023-24908: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

CVE-2023-24869: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

CVE-2023-23398: Microsoft Excel Spoofing Vulnerability

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.