Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-35323: Windows OLE Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

Microsoft Security Response Center
#vulnerability#web#windows#rce#Windows Online Certificate Status Protocol (OCSP) SnapIn#Security Vulnerability
CVE-2023-35322: Windows Deployment Services Remote Code Execution Vulnerability

**How can attacker successfully exploit this vulnerability?** An attacker with user permissions could alter specific variables in the CNTCIR Packet of the WDSMA protocol in order to exploit this vulnerability. For more information about CNTCIR Packet see CNTCIR Packet.

CVE-2023-35313: Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

CVE-2023-35332: Windows Remote Desktop Protocol Security Feature Bypass

**What security feature is bypassed with this vulnerability?** The RDP Gateway protocol is enforcing the usage of Datagram Transport Layer Security (DTLS) version 1.0, which is a deprecated (RFC 8996) protocol with known vulnerabilities. An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could compromise the confidentiality and integrity of data when the targeted user connects to a trusted server.

CVE-2023-35331: Windows Local Security Authority (LSA) Denial of Service Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.

CVE-2023-35325: Windows Print Spooler Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

CVE-2023-35317: Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain administrator privileges.

CVE-2023-35328: Windows Transaction Manager Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-35326: Windows CDP User Components Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

CVE-2023-35315: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could exploit the vulnerability by sending a specially crafted request to a Windows Server configured as a Layer-2 Bridge.