Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Microsoft Patch Tuesday, November 2023 Edition

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three "zero day" vulnerabilities that Microsoft warns are already being exploited in active attacks.

Krebs on Security
Open in Source
#vulnerability#web#windows#microsoft#dos#auth#zero_day#asp.net#blog
CVE-2023-36007

Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability

GHSA-c3hf-8vgx-72rh: Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability

# Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 and .NET 8.0 RC2. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. An elevation of privilege vulnerability exists in .NET where untrusted URIs provided to System.Net.WebRequest.Create can be used to inject arbitrary commands to backend FTP servers. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/287 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 6.0 application running on .NET 6.0.24 or earlier. * Any .NET 7.0 application running on .NET 7.0.13 or e...

GHSA-3fx3-85r4-8j3w: Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability

# Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 6.0, ASP.NET Core 7.0 and, ASP.NET Core 8.0 RC2. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A security feature bypass vulnerability exists in ASP.NET where an unauthenticated user is able to bypass validation on Blazor server forms which could trigger unintended actions. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/288 ### <a name="mitigation-factors"></a>Mitigation factors This vulnerability only affects ASP.NET Core Blazor apps. Other application types, including ASP.NET Core apps which do not utilize Blazor, are not affected. ## <a name="affected-software"></a>Affected software * Any ASP...

Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days

In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.”

CVE-2023-36041

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-36428

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

CVE-2023-36402

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2023-36030

Microsoft Dynamics 365 Sales Spoofing Vulnerability

CVE-2023-36401

Microsoft Remote Registry Service Remote Code Execution Vulnerability