#microsoft

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

**How could an attacker exploit this vulnerability?** Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution. * In an email attack scenario, an attacker could send the malicious file to the victim and convince them to open the file. * In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a malicious file designed to exploit the vulnerability. An attacker would have no way to force the victim to visit the website. Instead, an attacker would have to convince the victim to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the malicious file.

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**Why is this Red Hat, Inc. CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Linux Shim boot. It is being documented in the Security Update Guide to announce that the latest builds of Microsoft Windows address this vulnerability by blocking old, unpatched, Linux boot loaders by applying SBAT (Secure Boot Advanced Targeting) EFI variables in the UEFI library. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. For more information see: CVE-2023-40547.

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) and integrity (I:L) but does not impact availability (A:N)? What does that mean for this vulnerability?** The attacker is only able to modify the sender's name of Teams message (I:L) and through social engineering, attempt to trick the recipient into disclosing information (C:L). The availability of the product cannot be affected (A:N).

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory.

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.