This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | .NET and Visual Studio | CVE-2023-33127 | .NET and Visual Studio Elevation of Privilege Vulnerability |
Microsoft | ASP.NET and Visual Studio | CVE-2023-33170 | ASP.NET and Visual Studio Security Feature Bypass Vulnerability |
Microsoft | Azure Active Directory | CVE-2023-36871 | Azure Active Directory Security Feature Bypass Vulnerability |
Microsoft | Azure Active Directory | CVE-2023-35348 | Active Directory Federation Service Security Feature Bypass Vulnerability |
Microsoft | Microsoft Dynamics | CVE-2023-33171 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft | Microsoft Dynamics | CVE-2023-35335 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft | Microsoft Graphics Component | CVE-2023-33149 | Microsoft Office Graphics Remote Code Execution Vulnerability |
Microsoft | Microsoft Graphics Component | CVE-2023-21756 | Windows Win32k Elevation of Privilege Vulnerability |
Microsoft | Microsoft Media-Wiki Extensions | CVE-2023-35333 | MediaWiki PandocUpload Extension Remote Code Execution Vulnerability |
Microsoft | Microsoft Office | CVE-2023-33148 | Microsoft Office Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office | CVE-2023-36884 | Office and Windows HTML Remote Code Execution Vulnerability |
Microsoft | Microsoft Office | CVE-2023-33150 | Microsoft Office Security Feature Bypass Vulnerability |
Microsoft | Microsoft Office Access | CVE-2023-33152 | Microsoft ActiveX Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2023-33158 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2023-33161 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2023-33162 | Microsoft Excel Information Disclosure Vulnerability |
Microsoft | Microsoft Office Outlook | CVE-2023-33151 | Microsoft Outlook Spoofing Vulnerability |
Microsoft | Microsoft Office Outlook | CVE-2023-33153 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Outlook | CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2023-33134 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2023-33160 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2023-33165 | Microsoft SharePoint Server Security Feature Bypass Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2023-33157 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2023-33159 | Microsoft SharePoint Server Spoofing Vulnerability |
Microsoft | Microsoft Power Apps | CVE-2023-32052 | Microsoft Power Apps Spoofing Vulnerability |
Microsoft | Microsoft Printer Drivers | CVE-2023-32085 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft | Microsoft Printer Drivers | CVE-2023-35302 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
Microsoft | Microsoft Printer Drivers | CVE-2023-35296 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft | Microsoft Printer Drivers | CVE-2023-35324 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft | Microsoft Printer Drivers | CVE-2023-32040 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft | Microsoft Printer Drivers | CVE-2023-35306 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft | Microsoft Printer Drivers | CVE-2023-32039 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft | Microsoft Windows Codecs Library | CVE-2023-35303 | USB Audio Class System Driver Remote Code Execution Vulnerability |
Microsoft | Microsoft Windows Codecs Library | CVE-2023-36872 | VP9 Video Extensions Information Disclosure Vulnerability |
Microsoft | Microsoft Windows Codecs Library | CVE-2023-32051 | Raw Image Extension Remote Code Execution Vulnerability |
Microsoft | Mono Authenticode | CVE-2023-35373 | Mono Authenticode Validation Spoofing Vulnerability |
Microsoft | Paint 3D | CVE-2023-35374 | Paint 3D Remote Code Execution Vulnerability |
Microsoft | Paint 3D | CVE-2023-32047 | Paint 3D Remote Code Execution Vulnerability |
Microsoft | Role: DNS Server | CVE-2023-35310 | Windows DNS Server Remote Code Execution Vulnerability |
Microsoft | Role: DNS Server | CVE-2023-35346 | Windows DNS Server Remote Code Execution Vulnerability |
Microsoft | Role: DNS Server | CVE-2023-35345 | Windows DNS Server Remote Code Execution Vulnerability |
Microsoft | Role: DNS Server | CVE-2023-35344 | Windows DNS Server Remote Code Execution Vulnerability |
Microsoft | Service Fabric | CVE-2023-36868 | Azure Service Fabric on Windows Information Disclosure Vulnerability |
Microsoft | Visual Studio Code | CVE-2023-36867 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability |
Microsoft | Windows Active Directory Certificate Services | CVE-2023-35351 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability |
Microsoft | Windows Active Directory Certificate Services | CVE-2023-35350 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability |
Microsoft | Windows Active Template Library | CVE-2023-32055 | Active Template Library Elevation of Privilege Vulnerability |
Microsoft | Windows Admin Center | CVE-2023-29347 | Windows Admin Center Spoofing Vulnerability |
Microsoft | Windows App Store | CVE-2023-35347 | Microsoft Install Service Elevation of Privilege Vulnerability |
Microsoft | Windows Authentication Methods | CVE-2023-35329 | Windows Authentication Denial of Service Vulnerability |
Microsoft | Windows CDP User Components | CVE-2023-35326 | Windows CDP User Components Information Disclosure Vulnerability |
Microsoft | Windows Certificates | ADV230001 | Guidance on Microsoft Signed Drivers Being Used Maliciously |
Microsoft | Windows Clip Service | CVE-2023-35362 | Windows Clip Service Elevation of Privilege Vulnerability |
Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2023-33155 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Cluster Server | CVE-2023-32033 | Microsoft Failover Cluster Remote Code Execution Vulnerability |
Microsoft | Windows CNG Key Isolation Service | CVE-2023-35340 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2023-35299 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Connected User Experiences and Telemetry | CVE-2023-35320 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability |
Microsoft | Windows Connected User Experiences and Telemetry | CVE-2023-35353 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability |
Microsoft | Windows CryptoAPI | CVE-2023-35339 | Windows CryptoAPI Denial of Service Vulnerability |
Microsoft | Windows Cryptographic Services | CVE-2023-33174 | Windows Cryptographic Information Disclosure Vulnerability |
Microsoft | Windows Defender | CVE-2023-33156 | Microsoft Defender Elevation of Privilege Vulnerability |
Microsoft | Windows Deployment Services | CVE-2023-35322 | Windows Deployment Services Remote Code Execution Vulnerability |
Microsoft | Windows Deployment Services | CVE-2023-35321 | Windows Deployment Services Denial of Service Vulnerability |
Microsoft | Windows EFI Partition | ADV230002 | Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules |
Microsoft | Windows Error Reporting | CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability |
Microsoft | Windows Failover Cluster | CVE-2023-32083 | Microsoft Failover Cluster Information Disclosure Vulnerability |
Microsoft | Windows Geolocation Service | CVE-2023-35343 | Windows Geolocation Service Remote Code Execution Vulnerability |
Microsoft | Windows HTTP.sys | CVE-2023-32084 | HTTP.sys Denial of Service Vulnerability |
Microsoft | Windows HTTP.sys | CVE-2023-35298 | HTTP.sys Denial of Service Vulnerability |
Microsoft | Windows Image Acquisition | CVE-2023-35342 | Windows Image Acquisition Elevation of Privilege Vulnerability |
Microsoft | Windows Installer | CVE-2023-32053 | Windows Installer Elevation of Privilege Vulnerability |
Microsoft | Windows Installer | CVE-2023-32050 | Windows Installer Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2023-35304 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2023-35363 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2023-35305 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2023-35356 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2023-35357 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2023-35358 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Layer 2 Tunneling Protocol | CVE-2023-32037 | Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability |
Microsoft | Windows Layer-2 Bridge Network Driver | CVE-2023-35315 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability |
Microsoft | Windows Local Security Authority (LSA) | CVE-2023-35331 | Windows Local Security Authority (LSA) Denial of Service Vulnerability |
Microsoft | Windows Media | CVE-2023-35341 | Microsoft DirectMusic Information Disclosure Vulnerability |
Microsoft | Windows Message Queuing | CVE-2023-32057 | Microsoft Message Queuing Remote Code Execution Vulnerability |
Microsoft | Windows Message Queuing | CVE-2023-35309 | Microsoft Message Queuing Remote Code Execution Vulnerability |
Microsoft | Windows Message Queuing | CVE-2023-32045 | Microsoft Message Queuing Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2023-32044 | Microsoft Message Queuing Denial of Service Vulnerability |
Microsoft | Windows MSHTML Platform | CVE-2023-32046 | Windows MSHTML Platform Elevation of Privilege Vulnerability |
Microsoft | Windows MSHTML Platform | CVE-2023-35336 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
Microsoft | Windows MSHTML Platform | CVE-2023-35308 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
Microsoft | Windows Netlogon | CVE-2023-21526 | Windows Netlogon Information Disclosure Vulnerability |
Microsoft | Windows Network Load Balancing | CVE-2023-33163 | Windows Network Load Balancing Remote Code Execution Vulnerability |
Microsoft | Windows NT OS Kernel | CVE-2023-35361 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows NT OS Kernel | CVE-2023-35364 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows NT OS Kernel | CVE-2023-35360 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows ODBC Driver | CVE-2023-32038 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
Microsoft | Windows OLE | CVE-2023-32042 | OLE Automation Information Disclosure Vulnerability |
Microsoft | Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2023-35323 | Windows OLE Remote Code Execution Vulnerability |
Microsoft | Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2023-35313 | Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability |
Microsoft | Windows Partition Management Driver | CVE-2023-33154 | Windows Partition Management Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Peer Name Resolution Protocol | CVE-2023-35338 | Windows Peer Name Resolution Protocol Denial of Service Vulnerability |
Microsoft | Windows PGM | CVE-2023-35297 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
Microsoft | Windows Print Spooler Components | CVE-2023-35325 | Windows Print Spooler Information Disclosure Vulnerability |
Microsoft | Windows Remote Desktop | CVE-2023-35352 | Windows Remote Desktop Security Feature Bypass Vulnerability |
Microsoft | Windows Remote Desktop | CVE-2023-32043 | Windows Remote Desktop Security Feature Bypass Vulnerability |
Microsoft | Windows Remote Desktop | CVE-2023-35332 | Windows Remote Desktop Protocol Security Feature Bypass |
Microsoft | Windows Remote Procedure Call | CVE-2023-35300 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-33168 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-33173 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-33172 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-32035 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-33166 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-32034 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-33167 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-33169 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-35318 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-33164 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-35319 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-35316 | Remote Procedure Call Runtime Information Disclosure Vulnerability |
Microsoft | Windows Remote Procedure Call | CVE-2023-35314 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2023-35367 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2023-35366 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2023-35365 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Server Update Service | CVE-2023-35317 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability |
Microsoft | Windows Server Update Service | CVE-2023-32056 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability |
Microsoft | Windows SmartScreen | CVE-2023-32049 | Windows SmartScreen Security Feature Bypass Vulnerability |
Microsoft | Windows SPNEGO Extended Negotiation | CVE-2023-35330 | Windows Extended Negotiation Denial of Service Vulnerability |
Microsoft | Windows Transaction Manager | CVE-2023-35328 | Windows Transaction Manager Elevation of Privilege Vulnerability |
Microsoft | Windows Update Orchestrator Service | CVE-2023-32041 | Windows Update Orchestrator Service Information Disclosure Vulnerability |
Microsoft | Windows VOLSNAP.SYS | CVE-2023-35312 | Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability |
Microsoft | Windows Volume Shadow Copy | CVE-2023-32054 | Volume Shadow Copy Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K | CVE-2023-35337 | Win32k Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-21756
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-21756
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-21756 | Microsoft Input and Composition Servicing team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33148
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to local clients only.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33148
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2023-33148 | Ruslan Sayfiev and Denis Faiustov |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33149
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Graphics Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector.
There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33149
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2013 RT Service Pack 1 | 5002400 (Security Update) 5001952 (Security Update) | Important | Remote Code Execution | 5002279 4464542 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5002400 (Security Update) 5001952 (Security Update) | Important | Remote Code Execution | 5002279 4464542 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5002400 (Security Update) 5001952 (Security Update) | Important | Remote Code Execution | 5002279 4464542 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Office 2016 (32-bit edition) | 5002419 (Security Update) 4493154 (Security Update) | Important | Remote Code Execution | 5002288 4011628 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft Office 2016 (64-bit edition) | 5002419 (Security Update) 4493154 (Security Update) | Important | Remote Code Execution | 5002288 4011628 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.75.23070901 | Maybe | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.75.23070901 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33149 | willJ of vulnerability research institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33150
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.6/TemporalScore:8.3
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires the victim to open a specially crafted file and click through Office Security Prompt(s). An attacker would have no way to force users to open the file.
Is the Attachment Preview Pane an attack vector for this vulnerability?
Yes. The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
Successful exploitation of this vulnerability would allow an attacker to escape the Office Protected View.
Is Application Guard for Office affected by this vulnerability?
No. Customers using Application Guard for Office are not affected.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33150
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 9.6 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 9.6 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 9.6 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 9.6 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 9.6 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 9.6 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Word 2013 RT Service Pack 1 | 5002411 (Security Update) | Important | Security Feature Bypass | 5002365 | Base: 9.6 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 5002411 (Security Update) | Important | Security Feature Bypass | 5002365 | Base: 9.6 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 5002411 (Security Update) | Important | Security Feature Bypass | 5002365 | Base: 9.6 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Word 2016 (32-bit edition) | 5002406 (Security Update) | Important | Security Feature Bypass | 5002369 | Base: 9.6 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft Word 2016 (64-bit edition) | 5002406 (Security Update) | Important | Security Feature Bypass | 5002369 | Base: 9.6 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33150 | Ben Lichtman |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33151
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
Is the Preview Pane an attack vector for this vulnerability?
Yes. The Preview Pane is an attack vector, but additional user interaction is required.
What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of NetNTLMv2 hashes.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33151
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Outlook 2013 (32-bit editions) | 5002432 (Security Update) | Important | Spoofing | 5002382 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Outlook 2013 (64-bit editions) | 5002432 (Security Update) | Important | Spoofing | 5002382 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Outlook 2013 RT Service Pack 1 | 5002432 (Security Update) | Important | Spoofing | 5002382 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Outlook 2016 (32-bit edition) | 5002427 (Security Update) | Important | Spoofing | 5002387 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft Outlook 2016 (64-bit edition) | 5002427 (Security Update) | Important | Spoofing | 5002387 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33151 | Jordan Hopkins - Rootshell Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33152
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft ActiveX Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted file. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the victim to open a document and click through multiple warning popups for the attack to be initiated.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33152
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2013 RT Service Pack 1 | 5002069 (Security Update) | Important | Remote Code Execution | 4018332 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5002069 (Security Update) | Important | Remote Code Execution | 4018332 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5002069 (Security Update) | Important | Remote Code Execution | 4018332 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Office 2016 (32-bit edition) | 5002058 (Security Update) | Important | Remote Code Execution | 4461476 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft Office 2016 (64-bit edition) | 5002058 (Security Update) | Important | Remote Code Execution | 4461476 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2023-33152 | Greg Linares (@Laughing_Mantis) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33153
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted file. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33153
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2013 RT Service Pack 1 | 4464506 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4464506 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4464506 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Office 2016 (32-bit edition) | 4475581 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft Office 2016 (64-bit edition) | 4475581 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2023-33153 | Greg Linares (@Laughing_Mantis) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33165
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None
FAQ:
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?
The attacker who successfully exploits the vulnerability could download files without the access being logged.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker could bypass the logging of downloaded files.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33165
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Server 2019 | 5002423 (Security Update) | Important | Security Feature Bypass | 5002402 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | 16.0.10400.20008 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002424 (Security Update) | Important | Security Feature Bypass | 5002416 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | 16.0.16130.20642 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33165 | Anonymous Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33166
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33166
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Denial of Service | 5027275 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Denial of Service | 5027275 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Denial of Service | 5027283 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Denial of Service | 5027283 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Denial of Service | 5027271 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Denial of Service | 5027271 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-33166 | Microsoft Offensive Research & Security Engineering. with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33167
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33167 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-33167 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33168
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    11-Jul-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33168 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-33168 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33169
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    11-Jul-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33169 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-33169 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33172
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    11-Jul-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33172 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Denial of Service | 5027275 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Denial of Service | 5027275 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Denial of Service | 5027283 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Denial of Service | 5027283 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Denial of Service | 5027271 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Denial of Service | 5027271 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-33172 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33173. Issuing CNA: Microsoft | CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability. CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7. Executive Summary: None. FAQ: None. Mitigations: None. Workarounds: None. Revision: 1.0, 11-Jul-23, Information published. | Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33173
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Denial of Service | 5027275 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Denial of Service | 5027275 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Denial of Service | 5027283 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Denial of Service | 5027283 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Denial of Service | 5027271 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Denial of Service | 5027271 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-33173 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33174. Issuing CNA: Microsoft | CVE Title: Windows Cryptographic Information Disclosure Vulnerability. CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8. Executive Summary: None. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None. Workarounds: None. Revision: 1.0, 11-Jul-23, Information published. | Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33174
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Information Disclosure | 5027279 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Information Disclosure | 5027279 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Information Disclosure | 5027279 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Information Disclosure | 5027279 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Information Disclosure | 5027275 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Information Disclosure | 5027275 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Information Disclosure | 5027283 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Information Disclosure | 5027283 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Information Disclosure | 5027271 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Information Disclosure | 5027271 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-33174 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32033. Issuing CNA: Microsoft | CVE Title: Microsoft Failover Cluster Remote Code Execution Vulnerability. CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8. Executive Summary: None. FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. Only users with roles “Cluster Admin” and “Cluster Operator” can access this. Mitigations: None. Workarounds: None. Revision: 1.0, 11-Jul-23, Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32033
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Remote Code Execution | 5027279 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Remote Code Execution | 5027279 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Remote Code Execution | 5027279 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Remote Code Execution | 5027279 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Remote Code Execution | 5027275 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Remote Code Execution | 5027275 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Remote Code Execution | 5027283 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Remote Code Execution | 5027283 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Remote Code Execution | 5027271 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Remote Code Execution | 5027271 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32033 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32034. Issuing CNA: Microsoft | CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability. CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7. Executive Summary: None. FAQ: None. Mitigations: None. Workarounds: None. Revision: 1.0, 11-Jul-23, Information published. | Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32034
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32034 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32035
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32035 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32035 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32037
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?
This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32037 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32037 | greenbamboo |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32038
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft ODBC Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.
Mitigations: The following mitigating factors might be helpful in your situation:
Exploitation of this vulnerability requires an attacker to trick or convince the victim into connecting to their malicious server. If your environment only connects to known, trusted servers and there is no ability to reconfigure existing connections to point to another location (e.g., you use TLS encryption with certificate validation), the vulnerability cannot be exploited.
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32038 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Remote Code Execution | 5027230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Remote Code Execution | 5027230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32038 | guoxi with Venustech ADLab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32039
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32039 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32039 | kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32040
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32040 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32040 | kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32041
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Update Orchestrator Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32041 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32041 | R4nger and Kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32042
MITRE NVD Issuing CNA: Microsoft |
CVE Title: OLE Automation Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32042 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Information Disclosure | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Information Disclosure | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Information Disclosure | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Information Disclosure | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Information Disclosure | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Information Disclosure | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32042 | R4nger |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32043
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ:
What security feature is being bypassed?
An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could bypass the certificate validation performed when a targeted user connects to a trusted server.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32043 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Security Feature Bypass | 5027230 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Security Feature Bypass | 5027230 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Security Feature Bypass | 5027279 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Security Feature Bypass | 5027279 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Security Feature Bypass | 5027279 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Security Feature Bypass | 5027279 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Security Feature Bypass | 5027275 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Security Feature Bypass | 5027275 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Security Feature Bypass | 5027283 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Security Feature Bypass | 5027283 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Security Feature Bypass | 5027271 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Security Feature Bypass | 5027271 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32043 | Lee Riefberg |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32044
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32044 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32044 | Yuki Chen with Cyber KunLun; Jarvis_1oop of vulnerability research institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32045
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32045 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32045 | Jarvis_1oop of vulnerability research institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32046
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows MSHTML Platform Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
The attacker would gain the rights of the user that is running the affected application.
The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?
While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2023-32046 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) 5028167 (IE Cumulative) |
Important | Elevation of Privilege | 5027279 5026366 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 1.001 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) 5028167 (IE Cumulative) |
Important | Elevation of Privilege | 5027279 5026366 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 1.001 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) 5028167 (IE Cumulative) |
Important | Elevation of Privilege | 5027279 5026366 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 1.001 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) 5028167 (IE Cumulative) |
Important | Elevation of Privilege | 5027279 5026366 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 1.001 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028167 (IE Cumulative) 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Elevation of Privilege | 5026366 5027275 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028167 (IE Cumulative) 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Elevation of Privilege | 5026366 5027275 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028167 (IE Cumulative) 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Elevation of Privilege | 5026366 5027283 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.2.9200.24374 |
Yes | None |
Windows Server 2012 (Server Core installation) | 5028167 (IE Cumulative) 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Elevation of Privilege | 5026366 5027283 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.2.9200.24374 |
Yes | None |
Windows Server 2012 R2 | 5028167 (IE Cumulative) 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Elevation of Privilege | 5026366 5027271 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028167 (IE Cumulative) 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Elevation of Privilege | 5026366 5027271 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32046 | MSTIC MSTIC |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32047
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Paint 3D Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
How do I get the updated app?
The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable?
Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed?
App package versions 6.2305.16087.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32047 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Paint 3D | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2305.16087.0 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-32047 | Keqi Hu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
ADV230002
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules
CVSS: None
Executive Summary: Trend Micro has released CVE-2023-28005 to address a secure boot bypass. Subsequently Microsoft has released the July Windows security updates to block the vulnerable UEFI modules by using the DBX (UEFI Secure Boot Forbidden Signature Database) disallow list.
To exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA).
CVEs released for this issue: CVE-2023-28005.
Recommended Actions: Microsoft recommends that all customers install the latest Windows security updates.
Background Information: In 2012, Microsoft introduced the Secure Boot feature into the then-new, UEFI-based PC ecosystem. UEFI Secure Boot is an anti-rootkit feature that defends the boot process from untrusted code execution. As part of enabling this feature, Microsoft signs boot code both for Windows and 3rd-parties including Linux distributions. This boot code allows Linux systems to take advantage of Secure Boot.
What is UEFI?
UEFI (Unified Extensible Firmware Interface) defines the interactions between the operating system and the platform firmware. The Secure Boot feature of UEFI prevents the loading of operating system loaders and firmware drivers that are not signed by a trusted signature.
What is DBX?
DBX is the Forbidden Signature Database and tracks the revoked boot images.
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
ADV230002 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Security Feature Bypass | 5027230 | Base: N/A Temporal: N/A Vector: N/A |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Security Feature Bypass | 5027230 | Base: N/A Temporal: N/A Vector: N/A |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: N/A Temporal: N/A Vector: N/A |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: N/A Temporal: N/A Vector: N/A |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Security Feature Bypass | 5027283 |
Base: N/A Temporal: N/A Vector: N/A |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Security Feature Bypass | 5027283 |
Base: N/A Temporal: N/A Vector: N/A |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Security Feature Bypass | 5027271 |
Base: N/A Temporal: N/A Vector: N/A |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Security Feature Bypass | 5027271 |
Base: N/A Temporal: N/A Vector: N/A |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: N/A Temporal: N/A Vector: N/A |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: N/A Temporal: N/A Vector: N/A |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
ADV230002 | Zammis Clark |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32049
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows SmartScreen Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.2
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
The attacker would be able to bypass the Open File - Security Warning prompt.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2023-32049 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32049 | Microsoft Threat Intelligence and Microsoft Office Product Group security team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32050
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Installer Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32050 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Elevation of Privilege | 5027279 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Elevation of Privilege | 5027279 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Elevation of Privilege | 5027279 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Elevation of Privilege | 5027279 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Elevation of Privilege | 5027275 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Elevation of Privilege | 5027275 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
CVE ID | Acknowledgements |
CVE-2023-32050 | JeongOh Kyea of THEORI Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32051
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Raw Image Extension Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker must send the user a malicious file and convince them to open it.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32051
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Raw Image Extension on Windows 10 Version 21H2 for 32-bit Systems | Update Information (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.0.61662.0 | Maybe | None |
Raw Image Extension on Windows 10 Version 21H2 for ARM64-based Systems | Update Information (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.0.61662.0 | Maybe | None |
Raw Image Extension on Windows 10 Version 21H2 for x64-based Systems | Update Information (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.0.61662.0 | Maybe | None |
Raw Image Extension on Windows 10 Version 22H2 for 32-bit Systems | Update Information (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.0.61662.0 | Maybe | None |
Raw Image Extension on Windows 10 Version 22H2 for ARM64-based Systems | Update Information (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.0.61662.0 | Maybe | None |
Raw Image Extension on Windows 10 Version 22H2 for x64-based Systems | Update Information (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.0.61662.0 | Maybe | None |
Raw Image Extension on Windows 11 version 21H2 for ARM64-based Systems | Update Information (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.0.61662.0 | Maybe | None |
Raw Image Extension on Windows 11 version 21H2 for x64-based Systems | Update Information (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.0.61662.0 | Maybe | None |
Raw Image Extension on Windows 11 Version 22H2 for ARM64-based Systems | Update Information (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.1.61661.0 | Maybe | None |
Raw Image Extension on Windows 11 Version 22H2 for x64-based Systems | Update Information (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.1.61661.0 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-32051 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35313
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35313
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Remote Code Execution | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Remote Code Execution | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35313 | kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35314
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35314
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35314 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35315
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An unauthenticated attacker could exploit the vulnerability by sending a specially crafted request to a Windows Server configured as a Layer-2 Bridge.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to first gain access to the restricted network before running an attack.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35315
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Critical | Remote Code Execution | 5027223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Critical | Remote Code Execution | 5027223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Critical | Remote Code Execution | 5027231 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Critical | Remote Code Execution | 5027231 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2019 | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Critical | Remote Code Execution | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Critical | Remote Code Execution | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35315 | greenbamboo |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35316
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35316
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Information Disclosure | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Information Disclosure | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Information Disclosure | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Information Disclosure | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Information Disclosure | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Information Disclosure | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35316 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35317
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35317
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Elevation of Privilege | 5027283 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Elevation of Privilege | 5027283 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Elevation of Privilege | 5027271 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Elevation of Privilege | 5027271 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35317 | l1k3beef |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35318
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35318
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35318 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35319
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35319
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35319 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35320
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35320
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35320 | JeongOh Kyea with THEORI |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35321
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Deployment Services Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35321 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35321 | Jarvis_1oop of vulnerability research institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35322
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Deployment Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ: How can an attacker successfully exploit this vulnerability? An attacker with user permissions could alter specific variables in the CNTCIR Packet of the WDSMA protocol in order to exploit this vulnerability. For more information about the CNTCIR Packet, see CNTCIR Packet.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35322 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35322 | Jarvis_1oop of vulnerability research institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35323
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows OLE Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35323 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35323 | kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35324
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35324 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35324 | kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35325
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Print Spooler Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35325 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35325 | R4nger |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35326
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows CDP User Components Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0    11-Jul-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35326 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35326 | R4nger |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35328
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Transaction Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35328 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35328 | eputv manavoid |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35329
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Authentication Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35329 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Denial of Service | 5027283 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Denial of Service | 5027283 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Denial of Service | 5027271 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Denial of Service | 5027271 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35329 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35330
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Extended Negotiation Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35330 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Denial of Service | 5027275 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Denial of Service | 5027275 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Denial of Service | 5027283 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Denial of Service | 5027283 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Denial of Service | 5027271 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Denial of Service | 5027271 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35330 | liubenjin with Codesafe Team of Legendsec at QI-ANXIN Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35331
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Local Security Authority (LSA) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to first gain access to the restricted network before running an attack.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35331
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35331 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35332
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Protocol Security Feature Bypass
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ:
What security feature is bypassed with this vulnerability?
The RDP Gateway protocol enforces the use of Datagram Transport Layer Security (DTLS) version 1.0, a protocol deprecated by RFC 8996 that has known vulnerabilities. An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could compromise the confidentiality and integrity of data when the targeted user connects to a trusted server.
Mitigations: None
Workarounds: None
Revision: 1.0 (11-Jul-23): Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35332
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Security Feature Bypass | 5027230 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Security Feature Bypass | 5027230 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Security Feature Bypass | 5027275 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Security Feature Bypass | 5027275 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Security Feature Bypass | 5027283 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Security Feature Bypass | 5027283 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Security Feature Bypass | 5027271 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Security Feature Bypass | 5027271 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35332 | Dor Dali with Cyolo |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35333
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MediaWiki PandocUpload Extension Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
According to the CVSS metric, the attack vector is network (AV:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?
An attacker could target the server accounts for arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call. The privilege requirement is low because the attacker needs to be authenticated as a normal user.
How could an attacker exploit this vulnerability?
Because shell arguments are not properly escaped, an authenticated attacker could exploit this vulnerability by uploading a file whose destination name is a malicious payload. When successfully exploited, this could allow the malicious actor to perform remote code execution.
Mitigations: None
Workarounds: None
Revision: 1.0 (11-Jul-23): Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35333
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
PandocUpload | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.0.1 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-35333 | bawolff |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35336
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows MSHTML Platform Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A security feature bypass vulnerability exists when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it. The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone.
The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows except Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. Why are IE Cumulative updates listed for Windows Server 2012 R2?
While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0 (11-Jul-23): Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35336
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Security Feature Bypass | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Security Feature Bypass | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) 5028167 (IE Cumulative) |
Important | Security Feature Bypass | 5027271 5026366 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 1.001 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) 5028167 (IE Cumulative) |
Important | Security Feature Bypass | 5027271 5026366 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 1.001 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35336 | Roberto Bamberger and Matt Wagenknecht with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35337
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 (11-Jul-23): Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35337
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35337 | 袁子建 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35338
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Peer Name Resolution Protocol Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 (11-Jul-23): Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35338
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Denial of Service | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Denial of Service | 5027275 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Denial of Service | 5027283 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Denial of Service | 5027271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35338 | Jarvis_1oop of vulnerability research institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35339
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows CryptoAPI Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35339 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35339 | Polar Bear |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35340
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35340 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Elevation of Privilege | 5027279 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Elevation of Privilege | 5027279 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Elevation of Privilege | 5027279 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Elevation of Privilege | 5027279 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Elevation of Privilege | 5027275 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Elevation of Privilege | 5027275 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Elevation of Privilege | 5027283 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Elevation of Privilege | 5027283 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Elevation of Privilege | 5027271 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Elevation of Privilege | 5027271 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35340 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35341
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft DirectMusic Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.2/TemporalScore:5.4
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35341 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Information Disclosure | 5027275 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Information Disclosure | 5027275 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35341 | Vipin Kumar with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35342
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Image Acquisition Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35342 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Elevation of Privilege | 5027275 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Elevation of Privilege | 5027275 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Elevation of Privilege | 5027283 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Elevation of Privilege | 5027283 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Elevation of Privilege | 5027271 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Elevation of Privilege | 5027271 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35342 | OUYANG FEI T0 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35343
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Geolocation Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious input file and convince the user to open said input file.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35343 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35343 | CHEN QINGYANG with Topsec Alpha Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35344
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35344 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35344 | George Hughey with MSRC Vulnerabilities and Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35345
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35345 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35345 | George Hughey with MSRC Vulnerabilities and Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35346
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35346 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35346 | George Hughey with MSRC Vulnerabilities and Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35347
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Install Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N) but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploits this vulnerability cannot access files but can overwrite their contents and potentially cause the service to become unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35347 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35347 | Filip Dragović with Infigo IS |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35348
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Active Directory Federation Service Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
An attacker would require access to a low privileged session on the user's device to obtain a JWT (JSON Web Token) which can then be used to craft a long-lived assertion using the Windows Hello for Business Key from the victim's device.
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H)? What does that mean for this vulnerability?
By exploiting this vulnerability, an attacker can craft a long-lived assertion and impersonate a victim user affecting the integrity of the assertion.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker can bypass Windows Trusted Platform Module by crafting an assertion and using the assertion to request a Primary Refresh Token from another device.
What actions do I need to take to be protected from this vulnerability?
To be protected, apply the fix as follows: Install Windows updates released on or after July 11, 2023 on all AD FS servers of the farm. Then, enable the setting by running the following PowerShell command on the primary AD FS server of the farm:
Important: You may see authentication failures in certain scenarios when there are clients that are not updated and send JWT authentication requests to the AD FS server. In such cases, we recommend updating all clients by installing the Windows update released on or after July 11, 2023. Alternatively, an administrator can disable the EnforceNonceInJWT setting and monitor the AD FS servers for the logging of Event 187 to identify potential requests that could be rejected when EnforceNonceInJWT is set to Enabled. After confirming the absence of Event 187 on AD FS servers for a defined period of time, the EnforceNonceInJWT setting must be updated to Enabled.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35348 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2016 | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35348 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35350
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker with Certificate Authority (CA) read access permissions can send a specially crafted request to a vulnerable Certificate Server. By default, only domain administrators are granted CA read access.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35350 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35350 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35351
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
How could an attacker exploit this vulnerability?
An attacker with Certificate Authority (CA) read access permissions can send a specially crafted request to a vulnerable Certificate Server. By default, only domain administrators are granted CA read access.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35351 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35351 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35352
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited the vulnerability could bypass certificate or private key authentication when establishing a remote desktop protocol session.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Critical | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35352 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Critical | Security Feature Bypass | 5027283 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Critical | Security Feature Bypass | 5027283 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Critical | Security Feature Bypass | 5027271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Critical | Security Feature Bypass | 5027271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Critical | Security Feature Bypass | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Critical | Security Feature Bypass | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Critical | Security Feature Bypass | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Critical | Security Feature Bypass | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Critical | Security Feature Bypass | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Critical | Security Feature Bypass | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35352 | Dor Dali with Cyolo |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35353
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35353 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35353 | George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35356
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35356 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35356 | Mateusz Jurczyk of Google Project Zero |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35357
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35357 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35357 | Mateusz Jurczyk of Google Project Zero |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35358
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35358 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35358 | Mateusz Jurczyk of Google Project Zero |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35360
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35360 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35360 | Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35361
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35361 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35361 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35362
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Clip Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35362
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35362 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35363
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35363
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35363 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35364
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35364
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35364 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35365
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running.
Mitigations:
This vulnerability is only exploitable on Windows Servers that have installed and configured the Routing and Remote Access Service (RRAS) role which is not installed and configured by default. Please see Routing and Remote Access Server (RRAS) | Microsoft Learn for more information. You might also benefit by reading more about Roles here: Roles, Role Services, and Features included in Windows Server - Server Core | Microsoft Learn
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35365
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Critical | Remote Code Execution | 5027230 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Critical | Remote Code Execution | 5027230 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Critical | Remote Code Execution | 5027223 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Critical | Remote Code Execution | 5027223 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Critical | Remote Code Execution | 5027231 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Critical | Remote Code Execution | 5027231 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Critical | Remote Code Execution | 5027279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Critical | Remote Code Execution | 5027279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Critical | Remote Code Execution | 5027279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Critical | Remote Code Execution | 5027279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Critical | Remote Code Execution | 5027275 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Critical | Remote Code Execution | 5027275 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Critical | Remote Code Execution | 5027283 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Critical | Remote Code Execution | 5027283 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Critical | Remote Code Execution | 5027271 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Critical | Remote Code Execution | 5027271 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Critical | Remote Code Execution | 5027225 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Critical | Remote Code Execution | 5027225 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35365 | wkai with Codesafe Team of Legendsec at QI-ANXIN Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35366
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running.
Mitigations:
This vulnerability is only exploitable on Windows Servers that have installed and configured the Routing and Remote Access Service (RRAS) role which is not installed and configured by default. Please see Routing and Remote Access Server (RRAS) | Microsoft Learn for more information. You might also benefit by reading more about Roles here: Roles, Role Services, and Features included in Windows Server - Server Core | Microsoft Learn
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35366 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Critical | Remote Code Execution | 5027230 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Critical | Remote Code Execution | 5027230 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Critical | Remote Code Execution | 5027223 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Critical | Remote Code Execution | 5027223 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Critical | Remote Code Execution | 5027231 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Critical | Remote Code Execution | 5027231 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Critical | Remote Code Execution | 5027279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Critical | Remote Code Execution | 5027279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Critical | Remote Code Execution | 5027279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Critical | Remote Code Execution | 5027279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Critical | Remote Code Execution | 5027275 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Critical | Remote Code Execution | 5027275 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Critical | Remote Code Execution | 5027283 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Critical | Remote Code Execution | 5027283 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Critical | Remote Code Execution | 5027271 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Critical | Remote Code Execution | 5027271 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Critical | Remote Code Execution | 5027225 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Critical | Remote Code Execution | 5027225 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35366 | wkai with Codesafe Team of Legendsec at QI-ANXIN Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35367
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None
FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running.
Mitigations: This vulnerability is only exploitable on Windows Servers that have installed and configured the Routing and Remote Access Service (RRAS) role which is not installed and configured by default. Please see Routing and Remote Access Server (RRAS) | Microsoft Learn for more information. You might also benefit by reading more about Roles here: Roles, Role Services, and Features included in Windows Server - Server Core | Microsoft Learn
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35367 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Critical | Remote Code Execution | 5027230 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Critical | Remote Code Execution | 5027230 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Critical | Remote Code Execution | 5027223 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Critical | Remote Code Execution | 5027223 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Critical | Remote Code Execution | 5027231 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Critical | Remote Code Execution | 5027231 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Critical | Remote Code Execution | 5027279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Critical | Remote Code Execution | 5027279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Critical | Remote Code Execution | 5027279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Critical | Remote Code Execution | 5027279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Critical | Remote Code Execution | 5027275 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Critical | Remote Code Execution | 5027275 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Critical | Remote Code Execution | 5027283 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Critical | Remote Code Execution | 5027283 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Critical | Remote Code Execution | 5027271 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Critical | Remote Code Execution | 5027271 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Critical | Remote Code Execution | 5027225 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Critical | Remote Code Execution | 5027225 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35367 | wkai with Codesafe Team of Legendsec at QI-ANXIN Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-36872
MITRE NVD Issuing CNA: Microsoft |
CVE Title: VP9 Video Extensions Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.
My system is in a disconnected environment; is it vulnerable? It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update https://www.microsoft.com/Licensing/servicecenter/. Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it.
How can I check if the update is installed? App package versions 1.0.61591.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36872 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
VP9 Video Extensions | More Information (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
1.0.61591.0 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-36872 | K24 Sec |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-36874
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Error Reporting Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges.
According to the CVSS metrics, the attack vector is local (AV:L) and privilege required is low (PR:L). What does that mean for this vulnerability? An attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2023-36874 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Elevation of Privilege | 5027279 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Elevation of Privilege | 5027279 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Elevation of Privilege | 5027279 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Elevation of Privilege | 5027279 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) | Important | Elevation of Privilege | 5027275 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) | Important | Elevation of Privilege | 5027275 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Elevation of Privilege | 5027283 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Elevation of Privilege | 5027283 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Elevation of Privilege | 5027271 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Elevation of Privilege | 5027271 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-36874 | Vlad Stolyarov and Maddie Stone of Google’s Threat Analysis Group (TAG) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-36884
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Office and Windows HTML Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.3/TemporalScore:8.1
Executive Summary: Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially crafted Microsoft Office documents. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Please see the Microsoft Threat Intelligence Blog Entry for important information about steps you can take to protect your system from this vulnerability. This CVE will be updated with new information and links to security updates when they become available.
FAQ: None
Mitigations: Please see the Microsoft Threat Intelligence Blog Entry for more detailed information.
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | Yes | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2023-36884 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Office 2019 for 32-bit editions | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Microsoft Office 2019 for 64-bit editions | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Microsoft Office LTSC 2021 for 32-bit editions | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Microsoft Office LTSC 2021 for 64-bit editions | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Microsoft Word 2016 (32-bit edition) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Microsoft Word 2016 (64-bit edition) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 for 32-bit Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 for x64-based Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 Version 1607 for 32-bit Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 Version 1607 for x64-based Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 Version 1809 for 32-bit Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 Version 1809 for ARM64-based Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 Version 1809 for x64-based Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 Version 21H2 for 32-bit Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 Version 21H2 for ARM64-based Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 Version 21H2 for x64-based Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 Version 22H2 for 32-bit Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 Version 22H2 for ARM64-based Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 10 Version 22H2 for x64-based Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 11 version 21H2 for ARM64-based Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 11 version 21H2 for x64-based Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 11 Version 22H2 for ARM64-based Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows 11 Version 22H2 for x64-based Systems | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2008 for x64-based Systems Service Pack 2 | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2012 | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2012 (Server Core installation) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2012 R2 | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2012 R2 (Server Core installation) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2016 | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2016 (Server Core installation) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2019 | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2019 (Server Core installation) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2022 | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None | |
Windows Server 2022 (Server Core installation) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C |
Unknown | Unknown | None |
CVE ID | Acknowledgements |
CVE-2023-36884 | Microsoft Office Product Group Security Team; Tom Lancaster with Volexity; Paul Rascagneres with Volexity; Vlad Stolyarov, Clement Lecigne and Bahare Sabouri of Google’s Threat Analysis Group (TAG); Microsoft Threat Intelligence |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-21526
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Netlogon Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.4/TemporalScore:6.4
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a man-in-the-middle (MITM) attack.
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could intercept and potentially modify traffic between client and server systems.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-21526 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Information Disclosure | 5027279 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Information Disclosure | 5027279 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Information Disclosure | 5027279 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Information Disclosure | 5027279 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Information Disclosure | 5027275 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Information Disclosure | 5027275 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Information Disclosure | 5027283 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Information Disclosure | 5027271 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-21526 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
ADV230001
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Guidance on Microsoft Signed Drivers Being Used Maliciously
CVSS: None
Executive Summary: Microsoft was recently informed that drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) were being used maliciously in post-exploitation activity. In these attacks, the attacker gained administrative privileges on compromised systems before using the drivers. Microsoft has completed its investigation and determined that the activity was limited to the abuse of several developer program accounts and that no Microsoft account compromise has been identified. We’ve suspended the partners' seller accounts and implemented blocking detections for all the reported malicious drivers to help protect customers from this threat.
Details: Microsoft was informed that drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity. In these attacks, the attacker had already gained administrative privileges on compromised systems prior to use of the drivers. An investigation was performed when we were notified of this activity by Sophos on February 9, 2023; Trend Micro and Cisco subsequently provided reports containing additional details. This investigation revealed that several developer accounts for the Microsoft Partner Center (MPC) were engaged in submitting malicious drivers to obtain a Microsoft signature. All the developer accounts involved in this incident were immediately suspended.
Microsoft has released Windows Security updates (see Security Updates table) that untrust drivers and driver signing certificates for the impacted files and has suspended the partners' seller accounts. Additionally, Microsoft has implemented blocking detections (Microsoft Defender 1.391.3822.0 and newer) to help protect customers from legitimately signed drivers that have been used maliciously in post-exploit activity.
For more information about how the Windows Code Integrity feature protects Microsoft customers from revoked certificates, see [Notice of additions to the Windows Driver.STL revocation list - Microsoft Support](https://support.microsoft.com/help/5029033). Microsoft is working with Microsoft Active Protections Program (MAPP) partners to help develop further detections and to better protect our shared customers. Microsoft Partner Center is also working on long-term solutions to address these deceptive practices and prevent future customer impacts.
Recommended Actions: Microsoft recommends that all customers install the latest Windows updates and ensure their anti-virus and endpoint detection products are up to date with the latest signatures and are enabled to prevent these attacks.
Frequently Asked Questions:
Are any Microsoft services (Azure, M365, XBOX, etc.) affected by this issue?
Microsoft’s services are not affected by this issue. Our investigation has not identified any instances of malicious drivers affecting any of our services.
How can customers deploy their own Hypervisor-protected Code Integrity (HVCI) policy to perform detections in their own environment?
Updates will be made to the Microsoft Recommended Driver Blocklist policy (see "Microsoft recommended driver block rules (Windows 10)" in the Windows security documentation on Microsoft Docs) so that customers can perform detections in their own environment. After the full set of malicious files has been locked, customers (enterprise and consumer) can deploy this policy onto devices to block against this malicious file and other malicious and vulnerable drivers on the blocklist. Additionally, enabling Hypervisor-protected Code Integrity (HVCI) will automatically enforce the policy without needing to deploy the policy.
How do I determine whether any affected drivers were installed before the available detections were implemented?
Offline scans will be required to detect malicious drivers which might have been installed prior to March 2, 2023, when new Microsoft detections were implemented. For more information see Remove malware from your Windows PC.
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
None | Defense in Depth |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
ADV230001 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | None | Defense in Depth | 5027230 | Base: N/A Temporal: N/A Vector: N/A |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | None | Defense in Depth | 5027230 | Base: N/A Temporal: N/A Vector: N/A |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | None | Defense in Depth | 5027219 | Base: N/A Temporal: N/A Vector: N/A |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | None | Defense in Depth | 5027219 | Base: N/A Temporal: N/A Vector: N/A |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | None | Defense in Depth | 5027222 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | None | Defense in Depth | 5027222 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | None | Defense in Depth | 5027222 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | None | Defense in Depth | 5027215 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | None | Defense in Depth | 5027215 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | None | Defense in Depth | 5027215 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | None | Defense in Depth | 5027215 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | None | Defense in Depth | 5027215 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | None | Defense in Depth | 5027215 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | None | Defense in Depth | 5027223 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | None | Defense in Depth | 5027223 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | None | Defense in Depth | 5027231 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | None | Defense in Depth | 5027231 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
None | Defense in Depth | 5027279 |
Base: N/A Temporal: N/A Vector: N/A |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
None | Defense in Depth | 5027279 |
Base: N/A Temporal: N/A Vector: N/A |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | None | Defense in Depth | 5027279 | Base: N/A Temporal: N/A Vector: N/A | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | None | Defense in Depth | 5027279 | Base: N/A Temporal: N/A Vector: N/A | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | None | Defense in Depth | 5027275 | Base: N/A Temporal: N/A Vector: N/A | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | None | Defense in Depth | 5027275 | Base: N/A Temporal: N/A Vector: N/A | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | None | Defense in Depth | 5027283 | Base: N/A Temporal: N/A Vector: N/A | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | None | Defense in Depth | 5027283 | Base: N/A Temporal: N/A Vector: N/A | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | None | Defense in Depth | 5027271 | Base: N/A Temporal: N/A Vector: N/A | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | None | Defense in Depth | 5027271 | Base: N/A Temporal: N/A Vector: N/A | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | None | Defense in Depth | 5027219 | Base: N/A Temporal: N/A Vector: N/A | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | None | Defense in Depth | 5027219 | Base: N/A Temporal: N/A Vector: N/A | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | None | Defense in Depth | 5027222 | Base: N/A Temporal: N/A Vector: N/A | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | None | Defense in Depth | 5027222 | Base: N/A Temporal: N/A Vector: N/A | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | None | Defense in Depth | 5027225 | Base: N/A Temporal: N/A Vector: N/A | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | None | Defense in Depth | 5027225 | Base: N/A Temporal: N/A Vector: N/A | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
ADV230001 | Sophos X-Ops teams; Chris Neal of Cisco Talos; Trend Micro Research |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-29347
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Admin Center Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.7/TemporalScore:7.6
Executive Summary: None
FAQ:
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
Where can customers obtain the updated software? Customers can download the latest build of Windows Admin Center by using this link: aka.ms/downloadwac
How could an attacker exploit this vulnerability? An authenticated attacker could exploit the vulnerability by carrying out any one of the following actions:
If the victim who triggers the attack is a highly privileged administrator, the injected scripts could perform operations on the WAC server, thus spoofing the WAC application with the privileges of the victim administrator.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-29347 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Admin Center | Release Notes (Security Update) | Important | Spoofing | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | 2306 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-29347 | Christian Pöschl with usd AG |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33127
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET and Visual Studio Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.3
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.
According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by abusing the .NET diagnostics server to gain elevation of privileges.
What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would gain the rights of the user that is running the affected application.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33127 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 6.0 | 5028705 (Security Update) | Important | Elevation of Privilege | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 6.0.20 | Maybe | None |
.NET 7.0 | 5028706 (Security Update) | Important | Elevation of Privilege | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 7.0.9 | Maybe | None |
Microsoft Visual Studio 2022 version 17.0 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 17.0.23 | Maybe | None |
Microsoft Visual Studio 2022 version 17.2 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 17.2.17 | Maybe | None |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 17.4.9 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 17.6.5 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33127 | Jimmy Bayne |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33134
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Within a SharePoint site, the attacker must be authenticated, and they would need to have the “Use Remote Interfaces” and “Add and Customize Pages” permissions on a Policy Center site to be able to exploit this vulnerability.
What is the attack vector for this vulnerability? In a network-based attack, the attacker must be authenticated to a SharePoint Online tenant associated with a hybrid deployment to tamper with data. This tampered data is synchronized down to the on-premises server and exploits the vulnerability. The attacker's code will run in the context of the SharePoint timer service on the on-premises server.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33134 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002425 (Security Update) | Important | Remote Code Execution | 5002404 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002423 (Security Update) | Important | Remote Code Execution | 5002402 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.10400.20008 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002424 (Security Update) | Important | Remote Code Execution | 5002416 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.16130.20642 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33134 | zcgonvh |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33154
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Partition Management Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33154 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-33154 | Fraunhofer FKIE CA&D |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33155
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33155 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-33155 | Abdelhamid Naceri |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33156
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Defender Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.3/TemporalScore:5.5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
See Manage Updates Baselines Microsoft Defender Antivirus for more information.
Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue? Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.
Why is no action required to install this update? In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Platform. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating. Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Platform updates and malware definitions, is working as expected in their environment.
How often are the Microsoft Malware Protection Platform and malware definitions updated? Microsoft typically releases an update for the Microsoft Malware Protection Platform once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed. Depending on which Microsoft antimalware software is used and how it is configured, the software may search for platform, engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.
What is the Microsoft Malware Protection Platform? The Microsoft Malware Protection Platform is a collection of user-mode binaries (e.g. MsMpEng.exe) and kernel-mode drivers that run on top of Windows to keep devices protected against new and prevalent threats. Windows Defender uses the Microsoft Malware Protection Platform.
On which products is Defender installed and active by default? Defender runs on all supported versions of Windows.
Are there other products that use the Microsoft Malware Protection Platform? Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.
Does this update contain any additional security-related changes to functionality? Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.
Suggested Actions
Verify that the update is installed
Customers should verify that the latest version of the Microsoft Malware Protection Platform and definition updates are being actively downloaded and installed for their Microsoft antimalware products.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33156 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Malware Protection Engine | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | 1.1.23050.3 | No | None |
CVE ID | Acknowledgements |
CVE-2023-33156 | Abdelhamid Naceri |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33157
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
How could an attacker exploit the vulnerability? In a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server.
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to the target site as at least a Site Member.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33157 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002425 (Security Update) | Critical | Remote Code Execution | 5002404 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002423 (Security Update) | Critical | Remote Code Execution | 5002402 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.10400.20008 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002424 (Security Update) | Critical | Remote Code Execution | 5002416 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.16130.20642 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33157 | zcgonvh |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33158
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33158
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.75.23070901 | Maybe | None |
Microsoft Office for Universal | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.14326.21502 | Maybe | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.75.23070901 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33158 | Michael Heinzl |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33159
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker.
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.
How could an attacker exploit the vulnerability? An attacker who successfully exploited this vulnerability might be able to run their scripts in the security context of the current user by enticing the user to click on a link resulting in a cross-site scripting attack on the SharePoint Server.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33159
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SharePoint Enterprise Server 2016 | 5002425 (Security Update) | Important | Spoofing | 5002404 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002423 (Security Update) | Important | Spoofing | 5002402 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.10400.20008 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002424 (Security Update) | Important | Spoofing | 5002416 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.16130.20642 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33159 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33160
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to the target site as at least a Site Member.
How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by leveraging vulnerable APIs through a deserialization of unsafe data input vulnerability. Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input, resulting in possible remote code execution on the SharePoint Server.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33160
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SharePoint Enterprise Server 2016 | 5002425 (Security Update) | Critical | Remote Code Execution | 5002404 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002423 (Security Update) | Critical | Remote Code Execution | 5002402 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.10400.20008 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002424 (Security Update) | Critical | Remote Code Execution | 5002416 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.16130.20642 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33160 | Markus Wulftange with CODE WHITE GmbH |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33161
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33161
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.75.23070901 | Maybe | None |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.75.23070901 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33161 | Wenguang Jiao |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33162
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ:
Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure? The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer which could leak data.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33162
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Excel 2013 RT Service Pack 1 | 5002434 (Security Update) | Important | Information Disclosure | 5002414 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 5002434 (Security Update) | Important | Information Disclosure | 5002414 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 5002434 (Security Update) | Important | Information Disclosure | 5002414 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Excel 2016 (32-bit edition) | 5002426 (Security Update) | Important | Information Disclosure | 5002405 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft Excel 2016 (64-bit edition) | 5002426 (Security Update) | Important | Information Disclosure | 5002405 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 16.75.23070901 | Maybe | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 16.75.23070901 | Maybe | None |
Microsoft Office Online Server | 5002421 (Security Update) | Important | Information Disclosure | 5002401 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 16.0.10400.20000 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33162 | Genwei Jiang with Mandiant, FLARE OTF; Dhanesh Kizhakkinan with Mandiant, FLARE OTF; Li Qi, Dong Kangwei and Zhang Yanping with 360 HuntingZero Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33163
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Network Load Balancing Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to first gain access to the restricted network before running an attack.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33163
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Remote Code Execution | 5027275 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Remote Code Execution | 5027275 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Remote Code Execution | 5027283 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Remote Code Execution | 5027283 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Remote Code Execution | 5027271 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Remote Code Execution | 5027271 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-33163 | b2ahex |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33164
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    11-Jul-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33164
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Denial of Service | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Denial of Service | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Denial of Service | 5027279 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Denial of Service | 5027275 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Denial of Service | 5027275 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Denial of Service | 5027283 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Denial of Service | 5027283 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Denial of Service | 5027271 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Denial of Service | 5027271 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Denial of Service | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-33164 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33170
MITRE NVD Issuing CNA: Microsoft |
CVE Title: ASP.NET and Visual Studio Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.3
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.
Mitigations: None
Workarounds: None
Revision: 1.0 (11-Jul-23): Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33170 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 6.0 | 5028705 (Security Update) | Important | Security Feature Bypass | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 6.0.20 | Maybe | None |
.NET 7.0 | 5028706 (Security Update) | Important | Security Feature Bypass | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 7.0.9 | Maybe | None |
Microsoft Visual Studio 2022 version 17.0 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 17.0.23 | Maybe | None |
Microsoft Visual Studio 2022 version 17.2 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 17.2.17 | Maybe | None |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 17.4.9 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 17.6.5 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33170 | Jack Moran with ZX Security; Matt Cotterell with ZX Security; Ethan McKee-Harris with ZX Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-33171
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.2/TemporalScore:7.1
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?
The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
Mitigations: None
Workarounds: None
Revision: 1.0 (11-Jul-23): Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-33171 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Dynamics 365 (on-premises) version 9.0 | 5026500 (Security Update) | Important | Spoofing | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C | 9.0.47.08 | Maybe | None |
Microsoft Dynamics 365 (on-premises) version 9.1 | 5026501 (Security Update) | Important | Spoofing | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C | 9.1.18.22 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-33171 | batram |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32052
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Power Apps Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.4/TemporalScore:4.7
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?
Limited information can be disclosed to the attacker through the misuse of the infrastructure, but no sensitive information can be obtained by the attacker.
Mitigations: None
Workarounds: None
Revision: 1.0 (11-Jul-23): Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32052 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Dynamics 365 (on-premises) version 9.0 | 5026500 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C | 9.0.47.08 | Maybe | None |
Microsoft Dynamics 365 (on-premises) version 9.1 | 5026501 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C | 9.1.18.22 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-32052 | Firas Fatnassi |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32053
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Installer Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 (11-Jul-23): Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32053 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32053 | Naceri with MSRC V&M |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32054
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Volume Shadow Copy Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability?
The attacker would gain the rights of the user that is running the affected application.
According to the CVSS metrics, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?
An authenticated attacker would need to perform specific actions on a vulnerable system, then convince another user on that system to interact with the Volume Shadow Copy functionality.
Mitigations: None
Workarounds: None
Revision: 1.0 (11-Jul-23): Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32054 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32054 | Or Yair with SafeBreach |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32055
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Active Template Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 (11-Jul-23): Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32055 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32055 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32056
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32056 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32056 | Naceri with MSRC V&M |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32057
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None
FAQ:
How could an attacker exploit the vulnerability?
To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.
Mitigations:
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:
The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine.
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32057 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Critical | Remote Code Execution | 5027230 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Critical | Remote Code Execution | 5027230 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Critical | Remote Code Execution | 5027223 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Critical | Remote Code Execution | 5027223 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Critical | Remote Code Execution | 5027231 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Critical | Remote Code Execution | 5027231 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Critical | Remote Code Execution | 5027279 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Critical | Remote Code Execution | 5027279 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Critical | Remote Code Execution | 5027279 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Critical | Remote Code Execution | 5027279 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Critical | Remote Code Execution | 5027275 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Critical | Remote Code Execution | 5027275 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Critical | Remote Code Execution | 5027283 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Critical | Remote Code Execution | 5027283 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Critical | Remote Code Execution | 5027271 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Critical | Remote Code Execution | 5027271 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Critical | Remote Code Execution | 5027225 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Critical | Remote Code Execution | 5027225 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32057 | Wayne Low of Fortinet's FortiGuard Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32083
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Failover Cluster Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. Only users with roles “Cluster Admin” and “Cluster Operator” can access this.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32083 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32083 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32084
MITRE NVD Issuing CNA: Microsoft |
CVE Title: HTTP.sys Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32084 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2019 | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Denial of Service | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32084 | Dragana Damjanovic |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-32085
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
How could an attacker exploit this vulnerability?
An authenticated attacker with normal user permissions could use the Microsoft PS Class Driver to print a malicious XPS file, which could enable an information disclosure attack on the machine. Please see Standard XPS Filters for more information.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-32085 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Information Disclosure | 5027283 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Information Disclosure | 5027283 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Information Disclosure | 5027271 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Information Disclosure | 5027271 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-32085 | kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35296
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35296
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Information Disclosure | 5027283 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Information Disclosure | 5027283 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Information Disclosure | 5027271 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Information Disclosure | 5027271 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35296 | kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35297
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35297
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Critical | Remote Code Execution | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Critical | Remote Code Execution | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Critical | Remote Code Execution | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Critical | Remote Code Execution | 5027223 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Critical | Remote Code Execution | 5027223 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Critical | Remote Code Execution | 5027231 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Critical | Remote Code Execution | 5027231 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Critical | Remote Code Execution | 5027279 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Critical | Remote Code Execution | 5027279 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Critical | Remote Code Execution | 5027279 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Critical | Remote Code Execution | 5027279 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Critical | Remote Code Execution | 5027275 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Critical | Remote Code Execution | 5027275 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Critical | Remote Code Execution | 5027283 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Critical | Remote Code Execution | 5027283 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Critical | Remote Code Execution | 5027271 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Critical | Remote Code Execution | 5027271 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Critical | Remote Code Execution | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Critical | Remote Code Execution | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Critical | Remote Code Execution | 5027225 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Critical | Remote Code Execution | 5027225 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35297 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35298
MITRE NVD Issuing CNA: Microsoft |
CVE Title: HTTP.sys Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: How could an attacker exploit this vulnerability? In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the Server Name Indication (SNI) over HTTP Protocol Stack (http.sys) to process packets, causing a denial of service (DOS).
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35298
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Denial of Service | 5027223 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Denial of Service | 5027231 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2022 | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Denial of Service | 5027225 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35298 | Hong Hai with Alibaba Orion Security Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35299
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35299
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Elevation of Privilege | 5027279 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35299 | ThunderJ with KunlunLab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-35300
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ: How could an attacker exploit this vulnerability? The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35300 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Remote Code Execution | 5027230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Remote Code Execution | 5027230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35300 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35302
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ: How could an attacker exploit this vulnerability? An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.
Mitigations: None
Workarounds:
Determine if the Print Spooler service is running
Run the following in Windows PowerShell:
If the Print Spooler is running or if the service is not set to disabled, select one of the following options to either disable the Print Spooler service, or to Disable inbound remote printing through Group Policy:
Option 1 - Disable the Print Spooler service
If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:
Impact of workaround
Disabling the Print Spooler service disables the ability to print both locally and remotely.
Option 2 - Disable inbound remote printing through Group Policy
You can also configure the settings via Group Policy as follows: Computer Configuration / Administrative Templates / Printers
Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks. You must restart the Print Spooler service for the group policy to take effect.
Impact of workaround
This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.
For more information see: Use Group Policy settings to control printers.
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35302 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Remote Code Execution | 5027230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Remote Code Execution | 5027230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35302 | kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35303
MITRE NVD Issuing CNA: Microsoft |
CVE Title: USB Audio Class System Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could use Remote Desktop to connect to a vulnerable system that has Plug and Play device redirection enabled. Alternatively, an attacker could plug a specially crafted USB device into the port of a vulnerable system.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35303 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Remote Code Execution | 5027230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Remote Code Execution | 5027230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3208 |
Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2176 |
Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.1992 |
Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35303 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35304
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35304 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35304 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35305
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35305
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35305 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35306
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35306
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Information Disclosure | 5027230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Information Disclosure | 5027215 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Information Disclosure | 5027223 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Information Disclosure | 5027231 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Information Disclosure | 5027283 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Information Disclosure | 5027283 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Information Disclosure | 5027271 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Information Disclosure | 5027271 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Information Disclosure | 5027219 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Information Disclosure | 5027222 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Information Disclosure | 5027225 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Information Disclosure | 5027225 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35306 | kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35308
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows MSHTML Platform Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker must send the user a malicious file and convince them to open it.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A security feature bypass vulnerability exists when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it. The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?
An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows except Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. Why are IE Cumulative updates listed for Windows Server 2012 R2?
While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35308
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Security Feature Bypass | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Security Feature Bypass | 5027230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) 5028167 (IE Cumulative) | Important | Security Feature Bypass | 5027271 5026366 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 1.001 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) 5028167 (IE Cumulative) | Important | Security Feature Bypass | 5027271 5026366 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 1.001 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35308 | Ben Faull with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35309
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
How could an attacker exploit this vulnerability?
In order to successfully exploit this vulnerability, the target server must be configured to allow remote activation of the COM object as well as the attacker having sufficient user privileges on that server.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35309
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Remote Code Execution | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Remote Code Execution | 5027230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Remote Code Execution | 5027215 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Remote Code Execution | 5027223 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Remote Code Execution | 5027231 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Remote Code Execution | 5027279 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Remote Code Execution | 5027279 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) |
Important | Remote Code Execution | 5027279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22175 |
Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) |
Important | Remote Code Execution | 5027275 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26623 |
Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) |
Important | Remote Code Execution | 5027283 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) |
Important | Remote Code Execution | 5027271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21063 6.3.9600.21075 |
Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4645 |
Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1850 |
Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35309 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35310
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35310 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Remote Code Execution | 5027279 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Remote Code Execution | 5027279 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Remote Code Execution | 5027279 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5028222 (Monthly Rollup) 5028226 (Security Only) | Important | Remote Code Execution | 5027279 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22175 | Yes | 5028222 5028226 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Remote Code Execution | 5027275 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Remote Code Execution | 5027275 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Remote Code Execution | 5027283 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Remote Code Execution | 5027283 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Remote Code Execution | 5027271 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Remote Code Execution | 5027271 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Remote Code Execution | 5027219 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Remote Code Execution | 5027222 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Remote Code Execution | 5027225 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35310 | George Hughey with MSRC Vulnerabilities and Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35311
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.2
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
The attacker would be able to bypass the Microsoft Outlook Security Notice prompt.
Is the Preview Pane an attack vector for this vulnerability?
Yes. The Preview Pane is an attack vector, but additional user interaction is required.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2023-35311 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Outlook 2013 (32-bit editions) | 5002432 (Security Update) | Important | Security Feature Bypass | 5002382 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Outlook 2013 (64-bit editions) | 5002432 (Security Update) | Important | Security Feature Bypass | 5002382 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Outlook 2013 RT Service Pack 1 | 5002432 (Security Update) | Important | Security Feature Bypass | 5002382 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 15.0.5571.1000 | Maybe | None |
Microsoft Outlook 2016 (32-bit edition) | 5002427 (Security Update) | Important | Security Feature Bypass | 5002387 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
Microsoft Outlook 2016 (64-bit edition) | 5002427 (Security Update) | Important | Security Feature Bypass | 5002387 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 16.0.5404.1000 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-35311 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35312
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35312 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Elevation of Privilege | 5027230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Elevation of Privilege | 5027215 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Elevation of Privilege | 5027223 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Elevation of Privilege | 5027231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5028240 (Monthly Rollup) 5028224 (Security Only) | Important | Elevation of Privilege | 5027275 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26623 | Yes | 5028240 5028224 |
Windows Server 2012 | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 (Server Core installation) | 5028232 (Monthly Rollup) 5028233 (Security Only) | Important | Elevation of Privilege | 5027283 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24374 | Yes | None |
Windows Server 2012 R2 | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5028228 (Monthly Rollup) 5028223 (Security Only) | Important | Elevation of Privilege | 5027271 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21063 6.3.9600.21075 | Yes | None |
Windows Server 2016 | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Elevation of Privilege | 5027219 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Elevation of Privilege | 5027222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Elevation of Privilege | 5027225 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-35312 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35335
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.2/TemporalScore:7.1
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?
There could be a loss of confidentiality if an unaware user clicked on a popup therefore creating an opportunity for an attacker to retrieve cookies or present the user with a dialog box to enter user credentials.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?
The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35335 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Dynamics 365 (on-premises) version 9.0 | 5026500 (Security Update) | Important | Spoofing | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C | 9.0.47.08 | Maybe | None |
Microsoft Dynamics 365 (on-premises) version 9.1 | 5026501 (Security Update) | Important | Spoofing | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C | 9.1.18.22 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-35335 | Erik Donker |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35373
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Mono Authenticode Validation Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:4.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35373 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Mono 6.12.0 | Release Notes (Security Update) | Important | Spoofing | None | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | 6.XX.X | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-35373 | Bill Demirkapi with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-35374
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Paint 3D Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
How do I get the updated app?
The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable?
Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed?
App package versions 6.2305.16087.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None
Workarounds: None
Revision: 1.0 11-Jul-23 Information published. |
Important | Remote Code Execution |
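The package-version check that the CVE-2023-35374 FAQ describes, as an added example rather than the snippet from the original advisory. It assumes Paint 3D is the Store package named `Microsoft.MSPaint`; the function name `Get-Paint3DPatchState` is hypothetical, and the fixed version is the one stated in the FAQ.

```powershell
# Fixed package version, taken from the CVE-2023-35374 FAQ text.
$FixedVersion = [version]'6.2305.16087.0'

# Assumption: Paint 3D ships as the Store (Appx) package 'Microsoft.MSPaint'.
$PackageName = 'Microsoft.MSPaint'

function Get-Paint3DPatchState {
    [CmdletBinding()]
    param(
        [version]$Fixed = $FixedVersion,
        [string]$Name = $PackageName,
        # Inspect every user profile on the machine; needs an elevated session.
        [switch]$AllUsers
    )

    $query = @{ Name = $Name }
    if ($AllUsers) { $query['AllUsers'] = $true }

    # A machine can hold several copies (per user, per architecture),
    # so evaluate each one instead of only the first result.
    $packages = @(Get-AppxPackage @query)

    if ($packages.Count -eq 0) {
        # Nothing installed means nothing to patch on this host/profile.
        return [pscustomobject]@{
            Package      = $Name
            Version      = $null
            Architecture = $null
            State        = 'NotInstalled'
        }
    }

    foreach ($pkg in $packages) {
        # Appx versions are four-part strings; cast so the comparison is
        # numeric per component rather than a string comparison.
        $installed = [version]$pkg.Version
        [pscustomobject]@{
            Package      = $pkg.PackageFullName
            Version      = $installed
            Architecture = $pkg.Architecture
            State        = if ($installed -ge $Fixed) { 'Patched' } else { 'Vulnerable' }
        }
    }
}

# Current user's copy; add -AllUsers from an elevated prompt for a full host check.
Get-Paint3DPatchState | Format-Table -AutoSize
```

Any row reporting `Vulnerable` identifies a profile where the Store has not yet delivered the update, which is the case the FAQ calls out for hosts with automatic Store updates disabled.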
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35374 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Paint 3D | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2305.16087.0 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-35374 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36867
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.0
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36867
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Visual Studio Code - GitHub Pull Requests and Issues Extension | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 0.66.2 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-36867 | Paul Gerste with Sonar |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-36868
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Service Fabric on Windows Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.
Mitigations:
Does Azure Service Fabric provide any additional protections which can help reduce or mitigate the risks posed by this vulnerability?
A user must explicitly configure the virtual network associated with an Azure Service Fabric resource, to expose the endpoints to be accessible by a potential attacker. Resources configured as described in the Azure Service Fabric Best Practices are at a lower risk of exploitation.
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36868
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Service Fabric 9.0 for Windows | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 9.0.1526.9590 | Maybe | None |
Azure Service Fabric 9.1 for Windows | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 9.1.1799.9590 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-36868 | Carolina Hatanpaa with Azure Red Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-36871
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Active Directory Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.0
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
An attacker would require access to a low privileged session on the user's device to obtain a JWT (JSON Web Token) which can then be used to craft a long-lived assertion using the Windows Hello for Business Key from the victim's device.
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H). What does that mean for this vulnerability?
By exploiting this vulnerability, an attacker can craft a long-lived assertion and impersonate a victim user affecting the integrity of the assertion.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker can bypass Windows Trusted Platform Module by crafting an assertion and using the assertion to request a Primary Refresh Token from another device.
What actions do I need to take to be protected from this vulnerability?
To be protected, apply the fix as follows: Install Windows updates released on or after July 11, 2023 on all AD FS servers of the farm. Then, enable the setting by running the following PowerShell command on the primary AD FS server of the farm:
Important: You may see authentication failures in certain scenarios when there are clients that are not updated and send JWT authentication requests to the AD FS server. In such cases, we recommend updating all clients by installing the Windows update released on or after July 11, 2023. Alternatively, an administrator can disable the EnforceNonceInJWT setting and monitor the AD FS servers for the logging of Event 187 to identify potential requests that could be rejected when EnforceNonceInJWT is set to Enabled. After confirming the absence of Event 187 on AD FS servers for a defined period of time, the EnforceNonceInJWT setting must be updated to Enabled.
What actions do I need to take to be protected from this vulnerability?
Customers should install Windows updates released on or after July 11, 2023 on client devices with Windows OS. Please refer to the affected software section to apply the update.
Mitigations: None
Workarounds: None
Revision: 1.0    11-Jul-23     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-36871
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5028186 (Security Update) | Important | Security Feature Bypass | 5027230 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 for x64-based Systems | 5028186 (Security Update) | Important | Security Feature Bypass | 5027230 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.10240.20048 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for ARM64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 1809 for x64-based Systems | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows 10 Version 21H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 21H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.19041.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for 32-bit Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for ARM64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 10 Version 22H2 for x64-based Systems | 5028166 (Security Update) | Important | Security Feature Bypass | 5027215 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.19045.3208 | Yes | 5028166 |
Windows 11 version 21H2 for ARM64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 version 21H2 for x64-based Systems | 5028182 (Security Update) | Important | Security Feature Bypass | 5027223 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.22000.2176 | Yes | 5028182 |
Windows 11 Version 22H2 for ARM64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows 11 Version 22H2 for x64-based Systems | 5028185 (Security Update) | Important | Security Feature Bypass | 5027231 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.22621.1992 | Yes | 5028185 |
Windows Server 2016 | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2016 (Server Core installation) | 5028169 (Security Update) | Important | Security Feature Bypass | 5027219 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.14393.6085 | Yes | None |
Windows Server 2019 | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2019 (Server Core installation) | 5028168 (Security Update) | Important | Security Feature Bypass | 5027222 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.17763.4645 | Yes | 5028168 |
Windows Server 2022 | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
Windows Server 2022 (Server Core installation) | 5028171 (Security Update) | Important | Security Feature Bypass | 5027225 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C | 10.0.20348.1850 | Yes | 5028171 |
CVE ID | Acknowledgements |
CVE-2023-36871 | Dirk-jan Mollema with Outsider Security |