Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-33148: Microsoft Office Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to local clients only.

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#Microsoft Office#Security Vulnerability
CVE-2023-35332: Windows Remote Desktop Protocol Security Feature Bypass

**What security feature is bypassed with this vulnerability?** The RDP Gateway protocol is enforcing the usage of Datagram Transport Layer Security (DTLS) version 1.0, which is a deprecated (RFC 8996) protocol with known vulnerabilities. An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could compromise the confidentiality and integrity of data when the targeted user connects to a trusted server.

CVE-2023-33174: Windows Cryptographic Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-33170: ASP.NET and Visual Studio Security Feature Bypass Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.

CVE-2023-32052: Microsoft Power Apps Spoofing Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

CVE-2023-32051: Raw Image Extension Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

CVE-2023-32053: Windows Installer Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-32055: Active Template Library Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2023-32050: Windows Installer Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.