Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2023-24864: Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#Microsoft PostScript Printer Driver#Security Vulnerability
CVE-2023-24865: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-24890: Microsoft OneDrive for iOS Security Feature Bypass Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

CVE-2023-24866: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-24867: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

CVE-2023-23413: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

CVE-2023-23410: Windows HTTP.sys Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-23409: Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-23398: Microsoft Excel Spoofing Vulnerability

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

CVE-2023-1234: Chromium: CVE-2023-1234 Inappropriate implementation in Intents

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**