This report contains detail for the following vulnerabilities:
Tag | CVE ID | CVE Title |
---|---|---|
Azure | CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability |
Client Server Run-time Subsystem (CSRSS) | CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability |
Client Server Run-time Subsystem (CSRSS) | CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability |
Internet Control Message Protocol (ICMP) | CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability |
Mariner | CVE-2023-0567 | Unknown |
Mariner | CVE-2023-20052 | Unknown |
Mariner | CVE-2023-20032 | Unknown |
Microsoft Bluetooth Driver | CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
Microsoft Dynamics | CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft Dynamics | CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft Dynamics | CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft Dynamics | CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft Dynamics | CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability |
Microsoft Dynamics | CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2023-1236 | Chromium: CVE-2023-1236 Inappropriate implementation in Internals |
Microsoft Edge (Chromium-based) | CVE-2023-1235 | Chromium: CVE-2023-1235 Type Confusion in DevTools |
Microsoft Edge (Chromium-based) | CVE-2023-1213 | Chromium: CVE-2023-1213 Use after free in Swiftshader |
Microsoft Edge (Chromium-based) | CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2023-1234 | Chromium: CVE-2023-1234 Inappropriate implementation in Intents |
Microsoft Edge (Chromium-based) | CVE-2023-1223 | Chromium: CVE-2023-1223 Insufficient policy enforcement in Autofill |
Microsoft Edge (Chromium-based) | CVE-2023-1222 | Chromium: CVE-2023-1222 Heap buffer overflow in Web Audio API |
Microsoft Edge (Chromium-based) | CVE-2023-1221 | Chromium: CVE-2023-1221 Insufficient policy enforcement in Extensions API |
Microsoft Edge (Chromium-based) | CVE-2023-1229 | Chromium: CVE-2023-1229 Inappropriate implementation in Permission prompts |
Microsoft Edge (Chromium-based) | CVE-2023-1228 | Chromium: CVE-2023-1228 Insufficient policy enforcement in Intents |
Microsoft Edge (Chromium-based) | CVE-2023-1224 | Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API |
Microsoft Edge (Chromium-based) | CVE-2023-1220 | Chromium: CVE-2023-1220 Heap buffer overflow in UMA |
Microsoft Edge (Chromium-based) | CVE-2023-1216 | Chromium: CVE-2023-1216 Use after free in DevTools |
Microsoft Edge (Chromium-based) | CVE-2023-1215 | Chromium: CVE-2023-1215 Type Confusion in CSS |
Microsoft Edge (Chromium-based) | CVE-2023-1214 | Chromium: CVE-2023-1214 Type Confusion in V8 |
Microsoft Edge (Chromium-based) | CVE-2023-1219 | Chromium: CVE-2023-1219 Heap buffer overflow in Metrics |
Microsoft Edge (Chromium-based) | CVE-2023-1218 | Chromium: CVE-2023-1218 Use after free in WebRTC |
Microsoft Edge (Chromium-based) | CVE-2023-1217 | Chromium: CVE-2023-1217 Stack buffer overflow in Crash reporting |
Microsoft Edge (Chromium-based) | CVE-2023-1230 | Chromium: CVE-2023-1230 Inappropriate implementation in WebApp Installs |
Microsoft Edge (Chromium-based) | CVE-2023-1232 | Chromium: CVE-2023-1232 Insufficient policy enforcement in Resource Timing |
Microsoft Edge (Chromium-based) | CVE-2023-1233 | Chromium: CVE-2023-1233 Insufficient policy enforcement in Resource Timing |
Microsoft Edge (Chromium-based) | CVE-2023-1231 | Chromium: CVE-2023-1231 Inappropriate implementation in Autofill |
Microsoft Graphics Component | CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft Office Excel | CVE-2023-23398 | Microsoft Excel Spoofing Vulnerability |
Microsoft Office Excel | CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability |
Microsoft Office Excel | CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office Outlook | CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability |
Microsoft Office SharePoint | CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability |
Microsoft OneDrive | CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability |
Microsoft OneDrive | CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability |
Microsoft OneDrive | CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability |
Microsoft OneDrive | CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
Microsoft PostScript Printer Driver | CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft Printer Drivers | CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
Microsoft Printer Drivers | CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
Microsoft Windows Codecs Library | CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability |
Microsoft Windows Codecs Library | CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability |
Office for Android | CVE-2023-23391 | Office for Android Spoofing Vulnerability |
Remote Access Service Point-to-Point Tunneling Protocol | CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
Role: DNS Server | CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability |
Role: Windows Hyper-V | CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability |
Service Fabric | CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability |
Visual Studio | CVE-2023-23618 | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability |
Visual Studio | CVE-2023-22743 | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability |
Visual Studio | CVE-2023-23946 | GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability |
Visual Studio | CVE-2023-22490 | GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability |
Windows Accounts Control | CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability |
Windows Bluetooth Service | CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability |
Windows Central Resource Manager | CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability |
Windows Cryptographic Services | CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability |
Windows Defender | CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability |
Windows HTTP Protocol Stack | CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability |
Windows HTTP.sys | CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability |
Windows Internet Key Exchange (IKE) Protocol | CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
Windows Kernel | CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Partition Management Driver | CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
Windows Remote Procedure Call | CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Windows Remote Procedure Call Runtime | CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Windows Remote Procedure Call Runtime | CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Windows Remote Procedure Call Runtime | CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Windows Resilient File System (ReFS) | CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
Windows Resilient File System (ReFS) | CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
Windows Secure Channel | CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability |
Windows SmartScreen | CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability |
Windows TPM | CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability |
Windows TPM | CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability |
Windows Win32K | CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1213 MITRE NVD |
CVE Title: Chromium: CVE-2023-1213 Use after free in Swiftshader
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-13T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1213 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1213 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1214 MITRE NVD |
CVE Title: Chromium: CVE-2023-1214 Type Confusion in V8
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-13T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1214 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1214 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1215 MITRE NVD |
CVE Title: Chromium: CVE-2023-1215 Type Confusion in CSS
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-13T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1215 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1215 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1216 MITRE NVD |
CVE Title: Chromium: CVE-2023-1216 Use after free in DevTools
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-13T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1216 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1216 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1217 MITRE NVD |
CVE Title: Chromium: CVE-2023-1217 Stack buffer overflow in Crash reporting
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-13T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1217 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1217 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1218 MITRE NVD |
CVE Title: Chromium: CVE-2023-1218 Use after free in WebRTC
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-13T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1218 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1218 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1219 MITRE NVD |
CVE Title: Chromium: CVE-2023-1219 Heap buffer overflow in Metrics
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-13T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1219 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1219 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1220 MITRE NVD |
CVE Title: Chromium: CVE-2023-1220 Heap buffer overflow in UMA
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-13T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1220 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1220 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1221 MITRE NVD |
CVE Title: Chromium: CVE-2023-1221 Insufficient policy enforcement in Extensions API
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-13T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1221 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1221 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1222 MITRE NVD |
CVE Title: Chromium: CVE-2023-1222 Heap buffer overflow in Web Audio API
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-13T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1222 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1222 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1223 MITRE NVD |
CVE Title: Chromium: CVE-2023-1223 Insufficient policy enforcement in Autofill
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-13T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1223 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1223 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1224 MITRE NVD |
CVE Title: Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-13T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1224 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1224 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1228 MITRE NVD |
CVE Title: Chromium: CVE-2023-1228 Insufficient policy enforcement in Intents
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2023-03-13T07:00:00     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1228 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1228 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1229 MITRE NVD |
CVE Title: Chromium: CVE-2023-1229 Inappropriate implementation in Permission prompts
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2023-03-13T07:00:00     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1229 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1229 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1230 MITRE NVD |
CVE Title: Chromium: CVE-2023-1230 Inappropriate implementation in WebApp Installs
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2023-03-13T07:00:00     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1230 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1230 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1231 MITRE NVD |
CVE Title: Chromium: CVE-2023-1231 Inappropriate implementation in Autofill
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2023-03-13T07:00:00     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1231 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1231 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1232 MITRE NVD |
CVE Title: Chromium: CVE-2023-1232 Insufficient policy enforcement in Resource Timing
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2023-03-13T07:00:00     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1232 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1232 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1233 MITRE NVD |
CVE Title: Chromium: CVE-2023-1233 Insufficient policy enforcement in Resource Timing
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2023-03-13T07:00:00     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1233 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1233 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1234 MITRE NVD |
CVE Title: Chromium: CVE-2023-1234 Inappropriate implementation in Intents
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2023-03-13T07:00:00     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1234 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1234 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1235 MITRE NVD |
CVE Title: Chromium: CVE-2023-1235 Type Confusion in DevTools
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2023-03-13T07:00:00     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1235 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1235 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-1236 MITRE NVD |
CVE Title: Chromium: CVE-2023-1236 Inappropriate implementation in Internals
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2023-03-13T07:00:00     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1236 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2023-1236 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23383 MITRE NVD |
CVE Title: Service Fabric Explorer Spoofing Vulnerability
CVSS: CVSS:3.1 8.2/7.1
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web client, but the malicious scripts executed in the victim’s browser translate into actions executed in the (remote) cluster. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A victim user would have to click the stored XSS payload injected by the attacker to be compromised. How can I update my Service Fabric Cluster to the latest version? If you have automatic updates, no action is needed. However, for those who choose to manually update, please refer to Manage Service Fabric cluster upgrades for instructions on how to update your Service Fabric Cluster. Mitigations: None Workarounds: None Revision: 1.0    2023-03-14T07:00:00     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23383 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Azure Service Fabric 9.1 for Ubuntu | Release Notes (Security Update) | Important | Spoofing | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Azure Service Fabric 9.1 for Windows | Release Notes (Security Update) | Important | Spoofing | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2023-23383 | Lidor B. with Orca Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23385 MITRE NVD |
CVE Title: Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2023-03-14T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23385 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5023713 (Security Update) | Important | Elevation of Privilege | 5022858 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5023713 (Security Update) | Important | Elevation of Privilege | 5022921 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5023697 (Security Update) | Important | Elevation of Privilege | 5022838 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5023697 (Security Update) | Important | Elevation of Privilege | 5022838 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for x64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5023698 (Security Update) | Important | Elevation of Privilege | 5022836 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for x64-based Systems | 5023698 (Security Update) | Important | Elevation of Privilege | 5022836 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5023706 (Security Update) | Important | Elevation of Privilege | 5022845 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for x64-based Systems | 5023706 (Security Update) | Important | Elevation of Privilege | 5022845 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5023755 (Monthly Rollup) 5023754 (Security Only) | Important | Elevation of Privilege | 5022890 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5023755 (Monthly Rollup) 5023754 (Security Only) | Important | Elevation of Privilege | 5022890 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5023755 (Monthly Rollup) 5023754 (Security Only) | Important | Elevation of Privilege | 5022890 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5023755 (Monthly Rollup) 5023754 (Security Only) | Important | Elevation of Privilege | 5022890 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5023769 (Monthly Rollup) 5023759 (Security Only) | Important | Elevation of Privilege | 5022874 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5023769 (Monthly Rollup) 5023759 (Security Only) | Important | Elevation of Privilege | 5022874 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5023756 (Monthly Rollup) 5023752 (Security Only) | Important | Elevation of Privilege | 5022903 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5023756 (Monthly Rollup) 5023752 (Security Only) | Important | Elevation of Privilege | 5022903 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5023765 (Monthly Rollup) 5023764 (Security Only) | Important | Elevation of Privilege | 5022899 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5023765 (Monthly Rollup) 5023764 (Security Only) | Important | Elevation of Privilege | 5022899 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5023697 (Security Update) | Important | Elevation of Privilege | 5022838 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5023697 (Security Update) | Important | Elevation of Privilege | 5022838 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5023705 (Security Update) 5023786 (AzureHotpatch) | Important | Elevation of Privilege | 5022842 5022921 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes No |
Windows Server 2022 (Server Core installation) | 5023705 (Security Update) 5023786 (AzureHotpatch) | Important | Elevation of Privilege | 5022842 5022921 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes No |
CVE ID | Acknowledgements |
CVE-2023-23385 | Yuki Chen with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23388 MITRE NVD |
CVE Title: Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ: How could an attacker exploit this vulnerability? An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2023-03-14T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23388 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1607 for 32-bit Systems | 5023697 (Security Update) | Important | Elevation of Privilege | 5022838 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5023697 (Security Update) | Important | Elevation of Privilege | 5022838 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for x64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5023698 (Security Update) | Important | Elevation of Privilege | 5022836 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for x64-based Systems | 5023698 (Security Update) | Important | Elevation of Privilege | 5022836 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5023706 (Security Update) | Important | Elevation of Privilege | 5022845 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for x64-based Systems | 5023706 (Security Update) | Important | Elevation of Privilege | 5022845 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5023697 (Security Update) | Important | Elevation of Privilege | 5022838 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5023697 (Security Update) | Important | Elevation of Privilege | 5022838 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5023705 (Security Update) 5023786 (AzureHotpatch) | Important | Elevation of Privilege | 5022842 5022921 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes No |
Windows Server 2022 (Server Core installation) | 5023705 (Security Update) 5023786 (AzureHotpatch) | Important | Elevation of Privilege | 5022842 5022921 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes No |
CVE ID | Acknowledgements |
CVE-2023-23388 | goodbyeselene |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23389 MITRE NVD |
CVE Title: Microsoft Defender Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.3/5.5
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
See Manage Updates Baselines Microsoft Defender Antivirus for more information.
Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue? Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.
Why is no action required to install this update? In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating. Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.
How often are the Microsoft Malware Protection Engine and malware definitions updated? Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed. Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.
What is the Microsoft Malware Protection Engine? The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.
Windows Defender uses the Microsoft Malware Protection Engine. On which products is Defender installed and active by default? Defender runs on all supported versions of Windows.
Are there other products that use the Microsoft Malware Protection Engine? Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.
Does this update contain any additional security-related changes to functionality? Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.
Suggested Actions
Verify that the update is installed. Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23389 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Malware Protection Engine | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | No |
CVE ID | Acknowledgements |
CVE-2023-23389 | Abdelhamid Naceri |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23391 MITRE NVD |
CVE Title: Office for Android Spoofing Vulnerability
CVSS: CVSS:3.1 5.5/4.8
FAQ: According to the CVSS metric, the attack vector is local (AV:L) and user interaction is required (UI:R). What does that mean for this vulnerability? The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to click on a local file path link or download and run a malicious application or file.
What is the nature of the spoofing? An attacker could manipulate a malicious link, application, or file to disguise it as a legitimate link or file to trick the victim.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23391 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Office for Android | Release Notes (Security Update) | Important | Spoofing | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2023-23391 | Dimitrios Valsamaras with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23392 MITRE NVD |
CVE Title: HTTP Protocol Stack Remote Code Execution Vulnerability
CVSS: CVSS:3.1 9.8/8.5
FAQ: How could an attacker exploit this vulnerability? In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.
Mitigations:
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23392 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 11 version 21H2 for ARM64-based Systems | 5023698 (Security Update) | Critical | Remote Code Execution | 5022836 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for x64-based Systems | 5023698 (Security Update) | Critical | Remote Code Execution | 5022836 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5023706 (Security Update) | Critical | Remote Code Execution | 5022845 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for x64-based Systems | 5023706 (Security Update) | Critical | Remote Code Execution | 5022845 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5023705 (Security Update) 5023786 (AzureHotpatch) | Critical | Remote Code Execution | 5022842 5022921 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes No |
Windows Server 2022 (Server Core installation) | 5023705 (Security Update) 5023786 (AzureHotpatch) | Critical | Remote Code Execution | 5022842 5022921 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes No |
CVE ID | Acknowledgements |
CVE-2023-23392 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23393 MITRE NVD |
CVE Title: Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23393 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for x64-based Systems | 5023696 (Security Update) | Important | Elevation of Privilege | 5022834 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5023698 (Security Update) | Important | Elevation of Privilege | 5022836 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for x64-based Systems | 5023698 (Security Update) | Important | Elevation of Privilege | 5022836 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5023706 (Security Update) | Important | Elevation of Privilege | 5022845 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for x64-based Systems | 5023706 (Security Update) | Important | Elevation of Privilege | 5022845 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5023702 (Security Update) | Important | Elevation of Privilege | 5022840 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5023705 (Security Update) 5023786 (AzureHotpatch) | Important | Elevation of Privilege | 5022842 5022921 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes No |
Windows Server 2022 (Server Core installation) | 5023705 (Security Update) 5023786 (AzureHotpatch) | Important | Elevation of Privilege | 5022842 5022921 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes No |
CVE ID | Acknowledgements |
CVE-2023-23393 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23394 MITRE NVD |
CVE Title: Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
CVSS: CVSS:3.1 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23394 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5023713 (Security Update) | Important | Information Disclosure | 5022858 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5023713 (Security Update) | Important | Information Disclosure | 5022921 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5023697 (Security Update) | Important | Information Disclosure | 5022838 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5023697 (Security Update) | Important | Information Disclosure | 5022838 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5023702 (Security Update) | Important | Information Disclosure | 5022840 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5023702 (Security Update) | Important | Information Disclosure | 5022840 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5023702 (Security Update) | Important | Information Disclosure | 5022840 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for x64-based Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5023698 (Security Update) | Important | Information Disclosure | 5022836 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for x64-based Systems | 5023698 (Security Update) | Important | Information Disclosure | 5022836 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5023706 (Security Update) | Important | Information Disclosure | 5022845 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for x64-based Systems | 5023706 (Security Update) | Important | Information Disclosure | 5022845 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5023755 (Monthly Rollup) 5023754 (Security Only) | Important | Information Disclosure | 5022890 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5023755 (Monthly Rollup) 5023754 (Security Only) | Important | Information Disclosure | 5022890 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5023755 (Monthly Rollup) 5023754 (Security Only) | Important | Information Disclosure | 5022890 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5023755 (Monthly Rollup) 5023754 (Security Only) | Important | Information Disclosure | 5022890 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5023769 (Monthly Rollup) 5023759 (Security Only) | Important | Information Disclosure | 5022874 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5023769 (Monthly Rollup) 5023759 (Security Only) | Important | Information Disclosure | 5022874 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5023756 (Monthly Rollup) 5023752 (Security Only) | Important | Information Disclosure | 5022903 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5023756 (Monthly Rollup) 5023752 (Security Only) | Important | Information Disclosure | 5022903 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5023765 (Monthly Rollup) 5023764 (Security Only) | Important | Information Disclosure | 5022899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5023765 (Monthly Rollup) 5023764 (Security Only) | Important | Information Disclosure | 5022899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5023697 (Security Update) | Important | Information Disclosure | 5022838 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5023697 (Security Update) |
Important | Information Disclosure | 5022838 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5023702 (Security Update) 5023702 (Security Update) 5023702 (Security Update) 5023702 (Security Update) 5023702 (Security Update) |
Important | Information Disclosure | 5022840 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5023702 (Security Update) 5023702 (Security Update) 5023702 (Security Update) 5023702 (Security Update) 5023702 (Security Update) |
Important | Information Disclosure | 5022840 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5023705 (Security Update) 5023786 (AzureHotpatch) 5023705 (Security Update) 5023786 (AzureHotpatch) |
Important | Information Disclosure | 5022842 5022921 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes No |
Windows Server 2022 (Server Core installation) | 5023705 (Security Update) 5023786 (AzureHotpatch) 5023705 (Security Update) 5023786 (AzureHotpatch) |
Important | Information Disclosure | 5022842 5022921 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes No |
CVE ID | Acknowledgements |
CVE-2023-23394 | lm0963, l1nk3d, and renyimen with TianGong Team of Legendsec at Qi'anxin Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23395 MITRE NVD |
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS: CVSS:3.1 3.1/2.7
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability? The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.
I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install all the updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1? No. Customers running SharePoint Enterprise Server 2013 Service Pack 1 should install either of the following:
Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.
I am running SharePoint Foundation 2013 Service Pack 1. Do I need to install all the updates that are listed for SharePoint Foundation 2013 Service Pack 1? Yes, customers running SharePoint Foundation 2013 Service Pack 1 should install both of the security updates. The updates can be installed in any order.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23395
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 5002366 (Cumulative Update) 5002367 (Security Update) 5002168 (Security Update) | Important | Spoofing | 5002347 5002147 | Base: 3.1 Temporal: 2.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | Maybe |
Microsoft SharePoint Enterprise Server 2016 | 5002368 (Security Update) | Important | Spoofing | 5002350 | Base: 3.1 Temporal: 2.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | Maybe |
Microsoft SharePoint Foundation 2013 Service Pack 1 | 5002367 (Security Update) 5002168 (Security Update) | Important | Spoofing | 5002347 5002147 | Base: 3.1 Temporal: 2.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | Maybe |
Microsoft SharePoint Server 2019 | 5002358 (Security Update) | Important | Spoofing | 5002342 | Base: 3.1 Temporal: 2.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | Maybe |
Microsoft SharePoint Server Subscription Edition | 5002355 (Security Update) | Important | Spoofing | 5002353 | Base: 3.1 Temporal: 2.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2023-23395 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23396 MITRE NVD |
CVE Title: Microsoft Excel Denial of Service Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ:
Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
How could an attacker exploit this vulnerability? The attacker could exploit this vulnerability by convincing a victim to open a specially crafted XLSX file which when opened would cause a denial-of-service condition for other processes running on that machine.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23396
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Office Online Server | 5002356 (Security Update) | Important | Denial of Service | 5002309 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Office Web Apps Server 2013 Service Pack 1 | 5002362 (Security Update) | Important | Denial of Service | 5002313 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2023-23396 | Luca Barile |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23397 MITRE NVD |
CVE Title: Microsoft Outlook Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 9.8/9.1
FAQ:
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.
Is the Preview Pane an attack vector for this vulnerability? The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the email server. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.
How could an attacker exploit this vulnerability? External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim.
Where can I find more information about NTLM relay attacks? Download Mitigating Pass the Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2. This document discusses Pass-the-Hash (PtH) attacks against the Windows operating systems and provides holistic planning strategies that, when combined with the Windows security features, will provide a more effective defense against pass-the-hash attacks.
Mitigations:
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2023-23397
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Critical | Elevation of Privilege | | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Critical | Elevation of Privilege | | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | No |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Critical | Elevation of Privilege | | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Critical | Elevation of Privilege | | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Critical | Elevation of Privilege | | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Critical | Elevation of Privilege | | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | No |
Microsoft Outlook 2013 RT Service Pack 1 | 5002265 (Security Update) | Critical | Elevation of Privilege | 5001990 | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
Microsoft Outlook 2013 Service Pack 1 (32-bit editions) | 5002265 (Security Update) | Critical | Elevation of Privilege | 5001990 | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
Microsoft Outlook 2013 Service Pack 1 (64-bit editions) | 5002265 (Security Update) | Critical | Elevation of Privilege | 5001990 | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
Microsoft Outlook 2016 (32-bit edition) | 5002254 (Security Update) | Critical | Elevation of Privilege | 5002051 | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
Microsoft Outlook 2016 (64-bit edition) | 5002254 (Security Update) | Critical | Elevation of Privilege | 5002051 | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2023-23397 | CERT-UA, Microsoft Incident, Microsoft Threat Intelligence (MSTI) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23398 MITRE NVD |
CVE Title: Microsoft Excel Spoofing Vulnerability
CVSS: CVSS:3.1 7.1/6.2
FAQ:
Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel and click the security warning prompt to "Enable Content". An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and major loss of integrity (I:H) but have no effect on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could trick a user into enabling content that they are unable to inspect. However, this vulnerability would not allow an attacker to deny any function.
According to the CVSS metric, the attack vector is local (AV:L) but no privileges are required (PR:N) and user interaction is required (UI:R). How could an attacker exploit this spoofing vulnerability? The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23398
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Spoofing | | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Spoofing | | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | No |
Microsoft Excel 2013 RT Service Pack 1 | 5002348 (Security Update) | Important | Spoofing | 5002320 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Maybe |
Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 5002348 (Security Update) | Important | Spoofing | 5002320 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Maybe |
Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 5002348 (Security Update) | Important | Spoofing | 5002320 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Maybe |
Microsoft Excel 2016 (32-bit edition) | 5002351 (Security Update) | Important | Spoofing | 5002322 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Maybe |
Microsoft Excel 2016 (64-bit edition) | 5002351 (Security Update) | Important | Spoofing | 5002322 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Spoofing | | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Spoofing | | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Spoofing | | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Spoofing | | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | No |
CVE ID | Acknowledgements |
CVE-2023-23398 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23399 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ:
Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23399
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
Microsoft Excel 2013 RT Service Pack 1 | 5002348 (Security Update) | Important | Remote Code Execution | 5002320 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 5002348 (Security Update) | Important | Remote Code Execution | 5002320 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 5002348 (Security Update) | Important | Remote Code Execution | 5002320 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Excel 2016 (32-bit edition) | 5002351 (Security Update) | Important | Remote Code Execution | 5002322 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Excel 2016 (64-bit edition) | 5002351 (Security Update) | Important | Remote Code Execution | 5002322 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Office 2013 RT Service Pack 1 | 5002198 (Security Update) | Important | Remote Code Execution | 5002148 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5002198 (Security Update) | Important | Remote Code Execution | 5002148 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5002198 (Security Update) | Important | Remote Code Execution | 5002148 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Office 2016 (32-bit edition) | 5002197 (Security Update) | Important | Remote Code Execution | 5002143 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Office 2016 (64-bit edition) | 5002197 (Security Update) | Important | Remote Code Execution | 5002143 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Office Online Server | 5002356 (Security Update) | Important | Remote Code Execution | 5002309 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Microsoft Office Web Apps Server 2013 Service Pack 1 | 5002362 (Security Update) | Important | Remote Code Execution | 5002313 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2023-23399 | Rocco Calvi (@TecR0c) with TecSecurity |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-23403 MITRE NVD |
CVE Title: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ:
How could an attacker exploit this vulnerability? An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-23403 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5023713 (Security Update) | Important | Remote Code Execution | 5022858 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5023713 (Security Update) | Important | Remote Code Execution | 5022921 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5023697 (Security Update) | Important | Remote Code Execution | 5022838 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5023697 (Security Update) | Important | Remote Code Execution | 5022838 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5023702 (Security Update) | Important | Remote Code Execution | 5022840 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5023702 (Security Update) | Important | Remote Code Execution | 5022840 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5023702 (Security Update) | Important | Remote Code Execution | 5022840 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5023696 (Security Update) | Important | Remote Code Execution | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Remote Code Execution | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5023696 (Security Update) | Important | Remote Code Execution | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5023696 (Security Update) | Important | Remote Code Execution | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Remote Code Execution | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5023696 (Security Update) | Important | Remote Code Execution | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5023696 (Security Update) | Important | Remote Code Execution | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Remote Code Execution | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for x64-based Systems | 5023696 (Security Update) | Important | Remote Code Execution | 5022834 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5023698 (Security Update) | Important | Remote Code Execution | 5022836 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for x64-based Systems | 5023698 (Security Update) | Important | Remote Code Execution | 5022836 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5023706 (Security Update) | Important | Remote Code Execution | 5022845 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for x64-based Systems | 5023706 (Security Update) | Important | Remote Code Execution | 5022845 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5023756 (Monthly Rollup) 5023752 (Security Only) | Important | Remote Code Execution | 5022903 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5023756 (Monthly Rollup) 5023752 (Security Only) | Important | Remote Code Execution | 5022903 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5023765 (Monthly Rollup) 5023764 (Security Only) | Important | Remote Code Execution | 5022899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5023765 (Monthly Rollup) 5023764 (Security Only) | Important | Remote Code Execution | 5022899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5023697 (Security Update) | Important | Remote Code Execution | 5022838 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5023697 (Security Update) | Important | Remote Code Execution | 5022838 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5023702 (Security Update) | Important | Remote Code Execution | 5022840 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5023702 (Security Update) | Important | Remote Code Execution | 5022840 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5023705 (Security Update) 5023786 (AzureHotpatch) | Important | Remote Code Execution | 5022842 5022921 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes No |
Windows Server 2022 (Server Core installation) | 5023705 (Security Update) 5023786 (AzureHotpatch) | Important | Remote Code Execution | 5022842 5022921 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes No |
CVE ID | Acknowledgements |
CVE-2023-23403 | kap0k; Zhiniang Peng (@edwardzpeng) & kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-24856 MITRE NVD |
CVE Title: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24856
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5023713 (Security Update) | Important | Information Disclosure | 5022858 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5023713 (Security Update) | Important | Information Disclosure | 5022921 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5023697 (Security Update) | Important | Information Disclosure | 5022838 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5023697 (Security Update) | Important | Information Disclosure | 5022838 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5023702 (Security Update) | Important | Information Disclosure | 5022840 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5023702 (Security Update) | Important | Information Disclosure | 5022840 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5023702 (Security Update) | Important | Information Disclosure | 5022840 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 22H2 for x64-based Systems | 5023696 (Security Update) | Important | Information Disclosure | 5022834 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5023698 (Security Update) | Important | Information Disclosure | 5022836 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 version 21H2 for x64-based Systems | 5023698 (Security Update) | Important | Information Disclosure | 5022836 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5023706 (Security Update) | Important | Information Disclosure | 5022845 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 Version 22H2 for x64-based Systems | 5023706 (Security Update) | Important | Information Disclosure | 5022845 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5023756 (Monthly Rollup) 5023752 (Security Only) | Important | Information Disclosure | 5022903 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5023756 (Monthly Rollup) 5023752 (Security Only) | Important | Information Disclosure | 5022903 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5023765 (Monthly Rollup) 5023764 (Security Only) | Important | Information Disclosure | 5022899 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5023765 (Monthly Rollup) 5023764 (Security Only) | Important | Information Disclosure | 5022899 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5023697 (Security Update) | Important | Information Disclosure | 5022838 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5023697 (Security Update) | Important | Information Disclosure | 5022838 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5023702 (Security Update) | Important | Information Disclosure | 5022840 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5023702 (Security Update) | Important | Information Disclosure | 5022840 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5023705 (Security Update) 5023786 (AzureHotpatch) | Important | Information Disclosure | 5022842 5022921 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes No |
Windows Server 2022 (Server Core installation) | 5023705 (Security Update) 5023786 (AzureHotpatch) | Important | Information Disclosure | 5022842 5022921 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes No |
CVE ID | Acknowledgements |
CVE-2023-24856 | kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-24919 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS: CVSS:3.1 5.4/4.7
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24919
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Dynamics 365 (on-premises) version 9.0 | 5023506 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C | Maybe |
Microsoft Dynamics 365 (on-premises) version 9.1 | 5023505 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2023-24919 | batram |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-24879 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS: CVSS:3.1 5.4/4.7
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24879
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Dynamics 365 (on-premises) version 9.0 | 5023506 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C | Maybe |
Microsoft Dynamics 365 (on-premises) version 9.1 | 5023505 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2023-24879 | batram |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-24920 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS: CVSS:3.1 5.4/4.7
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
Mitigations: None
Workarounds: None
Revision: 1.0 2023-03-14T07:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24920
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Dynamics 365 (on-premises) version 9.0 | 5023506 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C | Maybe |
Microsoft Dynamics 365 (on-premises) version 9.1 | 5023505 (Security Update) | Important | Spoofing | None |