Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-38139: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#Windows Kernel#Security Vulnerability
CVE-2023-38140: Windows Kernel Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

CVE-2023-38141: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-38146: Windows Themes Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker would need to convince a targeted user to load a Windows Themes file on a vulnerable system with access to an attacker-controlled SMB share.

CVE-2023-38147: Windows Miracast Wireless Display Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system in order to send and receive radio transmissions.

CVE-2023-36803: Windows Kernel Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-38142: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-38143: Windows Common Log File System Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-38144: Windows Common Log File System Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR