This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | Microsoft Bluetooth Driver | CVE-2023-24947 | Windows Bluetooth Driver Remote Code Execution Vulnerability |
Microsoft | Microsoft Bluetooth Driver | CVE-2023-24948 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
Microsoft | Microsoft Bluetooth Driver | CVE-2023-24944 | Windows Bluetooth Driver Information Disclosure Vulnerability |
Microsoft | Microsoft Edge (Chromium-based) | CVE-2023-29354 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-2468 | Chromium: CVE-2023-2468 Inappropriate implementation in PictureInPicture |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-2459 | Chromium: CVE-2023-2459 Inappropriate implementation in Prompts |
Microsoft | Microsoft Edge (Chromium-based) | CVE-2023-29350 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-2467 | Chromium: CVE-2023-2467 Inappropriate implementation in Prompts |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-2463 | Chromium: CVE-2023-2463 Inappropriate implementation in Full Screen Mode |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-2462 | Chromium: CVE-2023-2462 Inappropriate implementation in Prompts |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-2460 | Chromium: CVE-2023-2460 Insufficient validation of untrusted input in Extensions |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-2465 | Chromium: CVE-2023-2465 Inappropriate implementation in CORS |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-2466 | Chromium: CVE-2023-2466 Inappropriate implementation in Prompts |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-2464 | Chromium: CVE-2023-2464 Inappropriate implementation in PictureInPicture |
Microsoft | Microsoft Graphics Component | CVE-2023-24899 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office | CVE-2023-29344 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Access | CVE-2023-29333 | Microsoft Access Denial of Service Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2023-24953 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2023-24955 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2023-24954 | Microsoft SharePoint Server Information Disclosure Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2023-24950 | Microsoft SharePoint Server Spoofing Vulnerability |
Microsoft | Microsoft Office Word | CVE-2023-29335 | Microsoft Word Security Feature Bypass Vulnerability |
Microsoft | Microsoft Teams | CVE-2023-24881 | Microsoft Teams Information Disclosure Vulnerability |
Microsoft | Microsoft Windows Codecs Library | CVE-2023-29340 | AV1 Video Extension Remote Code Execution Vulnerability |
Microsoft | Microsoft Windows Codecs Library | CVE-2023-29341 | AV1 Video Extension Remote Code Execution Vulnerability |
Microsoft | Remote Desktop Client | CVE-2023-24905 | Remote Desktop Client Remote Code Execution Vulnerability |
Microsoft | SysInternals | CVE-2023-29343 | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability |
Microsoft | Visual Studio Code | CVE-2023-29338 | Visual Studio Code Information Disclosure Vulnerability |
Microsoft | Windows Backup Engine | CVE-2023-24946 | Windows Backup Service Elevation of Privilege Vulnerability |
Microsoft | Windows Installer | CVE-2023-24904 | Windows Installer Elevation of Privilege Vulnerability |
Microsoft | Windows iSCSI Target Service | CVE-2023-24945 | Windows iSCSI Target Service Information Disclosure Vulnerability |
Microsoft | Windows Kernel | CVE-2023-24949 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows LDAP - Lightweight Directory Access Protocol | CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
Microsoft | Windows MSHTML Platform | CVE-2023-29324 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
Microsoft | Windows Network File System | CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability |
Microsoft | Windows NFS Portmapper | CVE-2023-24901 | Windows NFS Portmapper Information Disclosure Vulnerability |
Microsoft | Windows NFS Portmapper | CVE-2023-24939 | Server for NFS Denial of Service Vulnerability |
Microsoft | Windows NTLM | CVE-2023-24900 | Windows NTLM Security Support Provider Information Disclosure Vulnerability |
Microsoft | Windows OLE | CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability |
Microsoft | Windows PGM | CVE-2023-24940 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability |
Microsoft | Windows PGM | CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
Microsoft | Windows RDP Client | CVE-2023-28290 | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability |
Microsoft | Windows Remote Procedure Call Runtime | CVE-2023-24942 | Remote Procedure Call Runtime Denial of Service Vulnerability |
Microsoft | Windows Secure Boot | CVE-2023-28251 | Windows Driver Revocation List Security Feature Bypass Vulnerability |
Microsoft | Windows Secure Boot | CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability |
Microsoft | Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-24903 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
Microsoft | Windows SMB | CVE-2023-24898 | Windows SMB Denial of Service Vulnerability |
Microsoft | Windows Win32K | CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K | CVE-2023-24902 | Win32k Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
CVE-2023-2459
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-2459 Inappropriate implementation in Prompts
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-May-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-2459 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
113.0.1774.35 | No | None |
CVE ID | Acknowledgements |
CVE-2023-2459 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
CVE-2023-2460
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-2460 Insufficient validation of untrusted input in Extensions
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-May-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-2460 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
113.0.1774.35 | No | None |
CVE ID | Acknowledgements |
CVE-2023-2460 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
CVE-2023-2462
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-2462 Inappropriate implementation in Prompts
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-May-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-2462 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
113.0.1774.35 | No | None |
CVE ID | Acknowledgements |
CVE-2023-2462 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
CVE-2023-2463
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-2463 Inappropriate implementation in Full Screen Mode
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-May-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-2463 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
113.0.1774.35 | No | None |
CVE ID | Acknowledgements |
CVE-2023-2463 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
CVE-2023-2464
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-2464 Inappropriate implementation in PictureInPicture
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-May-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-2464 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
113.0.1774.35 | No | None |
CVE ID | Acknowledgements |
CVE-2023-2464 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
CVE-2023-2465
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-2465 Inappropriate implementation in CORS
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-May-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-2465 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
113.0.1774.35 | No | None |
CVE ID | Acknowledgements |
CVE-2023-2465 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
CVE-2023-2466
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-2466 Inappropriate implementation in Prompts
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-May-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-2466 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
113.0.1774.35 | No | None |
CVE ID | Acknowledgements |
CVE-2023-2466 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
CVE-2023-2467
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-2467 Inappropriate implementation in Prompts
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-May-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-2467 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
113.0.1774.35 | No | None |
CVE ID | Acknowledgements |
CVE-2023-2467 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
CVE-2023-2468
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-2468 Inappropriate implementation in PictureInPicture
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-May-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-2468 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
113.0.1774.35 | No | None |
CVE ID | Acknowledgements |
CVE-2023-2468 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24881
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Teams Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? This vulnerability could disclose sensitive information, which might include a user's full trust token. How could an attacker exploit the vulnerability? In a network-based attack, an attacker could host a site containing malicious code. When a target accesses that site, it could force open a full trust application and potentially obtain a user's full trust token. Are there additional steps that I need to take to be protected from this vulnerability? Yes. You must upgrade to the latest Teams Javascript SDK library. Additionally, do not refer to any domain that is outside of your control and avoid any wildcard domains. The following steps are required:
Resources: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user navigate to a malicious site hosted on *.sharepoint.com. Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24881 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Teams | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
2.10.1 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-24881 | Dan Saunders with Microsoft Trevor Harris with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-28283
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service. Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-28283 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5026382 (Security Update) | Critical | Remote Code Execution | 5025234 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 for x64-based Systems | 5026382 (Security Update) | Critical | Remote Code Execution | 5025234 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for ARM64-based Systems | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for x64-based Systems | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 20H2 for 32-bit Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for ARM64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for x64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for 32-bit Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for ARM64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for x64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for 32-bit Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for ARM64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for x64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Critical | Remote Code Execution | 5025224 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Critical | Remote Code Execution | 5025224 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Critical | Remote Code Execution | 5025239 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Critical | Remote Code Execution | 5025239 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Critical | Remote Code Execution | 5025271 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Critical | Remote Code Execution | 5025271 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Critical | Remote Code Execution | 5025271 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Critical | Remote Code Execution | 5025271 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Critical | Remote Code Execution | 5025279 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Critical | Remote Code Execution | 5025279 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2012 | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Critical | Remote Code Execution | 5025287 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 (Server Core installation) | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Critical | Remote Code Execution | 5025287 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 R2 | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Critical | Remote Code Execution | 5025285 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Critical | Remote Code Execution | 5025285 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2016 | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2016 (Server Core installation) | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2019 | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2019 (Server Core installation) | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2022 | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Critical | Remote Code Execution | 5025230 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
Windows Server 2022 (Server Core installation) | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Critical | Remote Code Execution | 5025230 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
CVE ID | Acknowledgements |
CVE-2023-28283 | Yuki Chen with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24898
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows SMB Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: What version of Windows Server 2022 is affected by this vulnerability? This vulnerability only affects the hotpatch version of Windows Server 2022. If you are not running this version of the operating system, no action is required for this vulnerability. What is SMB over QUIC? SMB over QUIC introduces an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. QUIC is an IETF-standardized protocol with many benefits when compared to TCP. For more information, please visit: SMB over QUIC. Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24898 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2022 | 5026456 (Security Hotpatch Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1724 | Yes | None |
Windows Server 2022 (Server Core installation) | 5026456 (Security Hotpatch Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1724 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-24898 | Ben Barnea with Akamai Technologies |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24899
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24899 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Important | Elevation of Privilege | 5025224 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Important | Elevation of Privilege | 5025224 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Important | Elevation of Privilege | 5025239 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Important | Elevation of Privilege | 5025239 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows Server 2022 | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5025230 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
Windows Server 2022 (Server Core installation) | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5025230 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
CVE ID | Acknowledgements |
CVE-2023-24899 | Zhang WangJunJie, He YiSheng, Li WenYue, QinFu Xu with Hillstone Network Security Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24939
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Server for NFS Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24939 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5026382 (Security Update) | Important | Denial of Service | 5025234 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 for x64-based Systems | 5026382 (Security Update) | Important | Denial of Service | 5025234 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5026363 (Security Update) | Important | Denial of Service | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5026363 (Security Update) | Important | Denial of Service | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for ARM64-based Systems | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for x64-based Systems | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 20H2 for 32-bit Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for x64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for 32-bit Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for x64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for 32-bit Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for x64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Important | Denial of Service | 5025224 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Important | Denial of Service | 5025224 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Important | Denial of Service | 5025239 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Important | Denial of Service | 5025239 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows Server 2012 | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Important | Denial of Service | 5025287 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 (Server Core installation) | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Important | Denial of Service | 5025287 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 R2 | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Important | Denial of Service | 5025285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Important | Denial of Service | 5025285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2016 | 5026363 (Security Update) | Important | Denial of Service | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2016 (Server Core installation) | 5026363 (Security Update) | Important | Denial of Service | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2019 | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2019 (Server Core installation) | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2022 | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Denial of Service | 5025230 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
Windows Server 2022 (Server Core installation) | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Denial of Service | 5025230 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
CVE ID | Acknowledgements |
CVE-2023-24939 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24900
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows NTLM Security Support Provider Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.2
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24900 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5026382 (Security Update) | Important | Information Disclosure | 5025234 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 for x64-based Systems | 5026382 (Security Update) | Important | Information Disclosure | 5025234 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5026363 (Security Update) | Important | Information Disclosure | 5025228 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5026363 (Security Update) | Important | Information Disclosure | 5025228 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for ARM64-based Systems | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for x64-based Systems | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 20H2 for 32-bit Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for x64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for 32-bit Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for x64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for 32-bit Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for x64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Important | Information Disclosure | 5025224 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Important | Information Disclosure | 5025224 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Important | Information Disclosure | 5025239 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Important | Information Disclosure | 5025239 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Information Disclosure | 5025271 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Information Disclosure | 5025271 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Information Disclosure | 5025271 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Information Disclosure | 5025271 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Important | Information Disclosure | 5025279 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Important | Information Disclosure | 5025279 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2012 | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Important | Information Disclosure | 5025287 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 (Server Core installation) | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Important | Information Disclosure | 5025287 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 R2 | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Important | Information Disclosure | 5025285 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Important | Information Disclosure | 5025285 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2016 | 5026363 (Security Update) | Important | Information Disclosure | 5025228 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2016 (Server Core installation) | 5026363 (Security Update) | Important | Information Disclosure | 5025228 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2019 | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2019 (Server Core installation) | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2022 | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Information Disclosure | 5025230 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
Windows Server 2022 (Server Core installation) | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Information Disclosure | 5025230 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
CVE ID | Acknowledgements |
CVE-2023-24900 | JeongOh Kyea with THEORI |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24940
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24940 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5026382 (Security Update) | Important | Denial of Service | 5025234 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 for x64-based Systems | 5026382 (Security Update) | Important | Denial of Service | 5025234 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5026363 (Security Update) | Important | Denial of Service | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5026363 (Security Update) | Important | Denial of Service | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for ARM64-based Systems | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for x64-based Systems | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 20H2 for 32-bit Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for x64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for 32-bit Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for x64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for 32-bit Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for x64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Important | Denial of Service | 5025224 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Important | Denial of Service | 5025224 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Important | Denial of Service | 5025239 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Important | Denial of Service | 5025239 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Denial of Service | 5025271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Denial of Service | 5025271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Denial of Service | 5025271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Denial of Service | 5025271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Important | Denial of Service | 5025279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Important | Denial of Service | 5025279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2012 | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Important | Denial of Service | 5025287 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 (Server Core installation) | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Important | Denial of Service | 5025287 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 R2 | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Important | Denial of Service | 5025285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Important | Denial of Service | 5025285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2016 | 5026363 (Security Update) | Important | Denial of Service | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2016 (Server Core installation) | 5026363 (Security Update) | Important | Denial of Service | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2019 | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2019 (Server Core installation) | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2022 | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Denial of Service | 5025230 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
Windows Server 2022 (Server Core installation) | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Denial of Service | 5025230 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
CVE ID | Acknowledgements |
CVE-2023-24940 | Jarvis_1oop of vulnerability research institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24901
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows NFS Portmapper Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24901 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5026382 (Security Update) | Important | Information Disclosure | 5025234 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 for x64-based Systems | 5026382 (Security Update) | Important | Information Disclosure | 5025234 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5026363 (Security Update) | Important | Information Disclosure | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5026363 (Security Update) | Important | Information Disclosure | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for ARM64-based Systems | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for x64-based Systems | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 20H2 for 32-bit Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for x64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for 32-bit Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for x64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for 32-bit Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for x64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Important | Information Disclosure | 5025224 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Important | Information Disclosure | 5025224 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Important | Information Disclosure | 5025239 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Important | Information Disclosure | 5025239 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows Server 2012 | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Important | Information Disclosure | 5025287 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 (Server Core installation) | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Important | Information Disclosure | 5025287 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 R2 | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Important | Information Disclosure | 5025285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Important | Information Disclosure | 5025285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2016 | 5026363 (Security Update) | Important | Information Disclosure | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2016 (Server Core installation) | 5026363 (Security Update) | Important | Information Disclosure | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2019 | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2019 (Server Core installation) | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2022 | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Information Disclosure | 5025230 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
Windows Server 2022 (Server Core installation) | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Information Disclosure | 5025230 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
CVE ID | Acknowledgements |
CVE-2023-24901 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24941
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Network File System Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). Mitigations: Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV4.1. This could adversely affect your ecosystem and should only be used as a temporary mitigation. Warning You should NOT apply this mitigation unless you have installed the May 2022 Windows security updates. Those updates address CVE-2022-26937 which is a Critical vulnerability in NFSV2.0 and NFSV3.0. The following PowerShell command will disable those versions:
After running the command, you will need to restart NFS server or reboot the machine. To restart NFS server, start a cmd window with Run as Administrator, enter the following commands:
To confirm that NFSv4.1 has been turned off, run the following command in a Powershell window:
Here is the sample output. Notice the EnableNFSv4.1 is "False" now:
To re-enable NFSv4.1 after you have installed the security update, enter the following command:
Again, after running the command you will need to restart NFS server or reboot the machine. Workarounds: None Revision: 1.0    09-May-23     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24941 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Critical | Remote Code Execution | 5025287 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 (Server Core installation) | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Critical | Remote Code Execution | 5025287 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 R2 | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Critical | Remote Code Execution | 5025285 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Critical | Remote Code Execution | 5025285 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2016 | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2016 (Server Core installation) | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2019 | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2019 (Server Core installation) | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2022 | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Critical | Remote Code Execution | 5025230 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
Windows Server 2022 (Server Core installation) | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Critical | Remote Code Execution | 5025230 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
CVE ID | Acknowledgements |
CVE-2023-24941 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24902
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24902 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Important | Elevation of Privilege | 5025224 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Important | Elevation of Privilege | 5025224 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Important | Elevation of Privilege | 5025239 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Important | Elevation of Privilege | 5025239 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
CVE ID | Acknowledgements |
CVE-2023-24902 | Hou Xiantong(Bl1nnnk) with Wuheng Lab of ByteDance |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24942
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Procedure Call Runtime Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24942 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5026382 (Security Update) | Important | Denial of Service | 5025234 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 for x64-based Systems | 5026382 (Security Update) | Important | Denial of Service | 5025234 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5026363 (Security Update) | Important | Denial of Service | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5026363 (Security Update) | Important | Denial of Service | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for ARM64-based Systems | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for x64-based Systems | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 20H2 for 32-bit Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for x64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for 32-bit Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for x64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for 32-bit Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for x64-based Systems | 5026361 (Security Update) | Important | Denial of Service | 5025221 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Important | Denial of Service | 5025224 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Important | Denial of Service | 5025224 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Important | Denial of Service | 5025239 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Important | Denial of Service | 5025239 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Denial of Service | 5025271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Denial of Service | 5025271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Denial of Service | 5025271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Denial of Service | 5025271 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Important | Denial of Service | 5025279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Important | Denial of Service | 5025279 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2012 | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Important | Denial of Service | 5025287 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 (Server Core installation) | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Important | Denial of Service | 5025287 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 R2 | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Important | Denial of Service | 5025285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Important | Denial of Service | 5025285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2016 | 5026363 (Security Update) | Important | Denial of Service | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2016 (Server Core installation) | 5026363 (Security Update) | Important | Denial of Service | 5025228 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2019 | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2019 (Server Core installation) | 5026362 (Security Update) | Important | Denial of Service | 5025229 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2022 | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Denial of Service | 5025230 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
Windows Server 2022 (Server Core installation) | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Denial of Service | 5025230 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
CVE ID | Acknowledgements |
CVE-2023-24942 | Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24903
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious SSTP packet to a SSTP server. This could result in remote code execution on the server side. Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24903 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5026382 (Security Update) | Critical | Remote Code Execution | 5025234 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 for x64-based Systems | 5026382 (Security Update) | Critical | Remote Code Execution | 5025234 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for ARM64-based Systems | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for x64-based Systems | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 20H2 for 32-bit Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for ARM64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for x64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for 32-bit Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for ARM64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for x64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for 32-bit Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for ARM64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for x64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Critical | Remote Code Execution | 5025224 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Critical | Remote Code Execution | 5025224 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Critical | Remote Code Execution | 5025239 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Critical | Remote Code Execution | 5025239 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Critical | Remote Code Execution | 5025271 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Critical | Remote Code Execution | 5025271 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Critical | Remote Code Execution | 5025271 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Critical | Remote Code Execution | 5025271 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Critical | Remote Code Execution | 5025279 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Critical | Remote Code Execution | 5025279 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2012 | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Critical | Remote Code Execution | 5025287 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 (Server Core installation) | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Critical | Remote Code Execution | 5025287 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 R2 | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Critical | Remote Code Execution | 5025285 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Critical | Remote Code Execution | 5025285 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2016 | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2016 (Server Core installation) | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2019 | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2019 (Server Core installation) | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2022 | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Critical | Remote Code Execution | 5025230 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
Windows Server 2022 (Server Core installation) | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Critical | Remote Code Execution | 5025230 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
CVE ID | Acknowledgements |
CVE-2023-24903 | Yuki Chen with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24943
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? When Windows Message Queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. Mitigations: Only PGM Server is vulnerable to this vulnerability. To mitigate risk, Microsoft recommends customers deploy newer technologies such as Unicast or Multicast server. Workarounds: None Revision: 1.0    09-May-23     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24943 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5026382 (Security Update) | Critical | Remote Code Execution | 5025234 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 for x64-based Systems | 5026382 (Security Update) | Critical | Remote Code Execution | 5025234 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for ARM64-based Systems | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for x64-based Systems | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 20H2 for 32-bit Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for ARM64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for x64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for 32-bit Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for ARM64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for x64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for 32-bit Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for ARM64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for x64-based Systems | 5026361 (Security Update) | Critical | Remote Code Execution | 5025221 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Critical | Remote Code Execution | 5025224 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Critical | Remote Code Execution | 5025224 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Critical | Remote Code Execution | 5025239 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Critical | Remote Code Execution | 5025239 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Critical | Remote Code Execution | 5025271 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Critical | Remote Code Execution | 5025271 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Critical | Remote Code Execution | 5025271 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Critical | Remote Code Execution | 5025271 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Critical | Remote Code Execution | 5025279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Critical | Remote Code Execution | 5025279 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2012 | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Critical | Remote Code Execution | 5025287 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 (Server Core installation) | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Critical | Remote Code Execution | 5025287 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 R2 | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Critical | Remote Code Execution | 5025285 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Critical | Remote Code Execution | 5025285 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2016 | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2016 (Server Core installation) | 5026363 (Security Update) | Critical | Remote Code Execution | 5025228 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2019 | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2019 (Server Core installation) | 5026362 (Security Update) | Critical | Remote Code Execution | 5025229 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2022 | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Critical | Remote Code Execution | 5025230 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
Windows Server 2022 (Server Core installation) | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Critical | Remote Code Execution | 5025230 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
CVE ID | Acknowledgements |
CVE-2023-24943 | Jarvis_1oop of vulnerability research institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24905
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince the user to open said file. How could an attacker exploit this vulnerability? An attacker could host the malicious .rdp file on a file share, a user accessing the .rdp file from the share would be vulnerable to remote code execution. Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24905 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 20H2 for 32-bit Systems | 5026361 (Security Update) | Important | Remote Code Execution | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Remote Code Execution | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for x64-based Systems | 5026361 (Security Update) | Important | Remote Code Execution | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for 32-bit Systems | 5026361 (Security Update) | Important | Remote Code Execution | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Remote Code Execution | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for x64-based Systems | 5026361 (Security Update) | Important | Remote Code Execution | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for 32-bit Systems | 5026361 (Security Update) | Important | Remote Code Execution | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Remote Code Execution | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for x64-based Systems | 5026361 (Security Update) | Important | Remote Code Execution | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Important | Remote Code Execution | 5025224 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Important | Remote Code Execution | 5025224 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Important | Remote Code Execution | 5025239 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Important | Remote Code Execution | 5025239 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
CVE ID | Acknowledgements |
CVE-2023-24905 | Dor Dali with Cyolo |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24944
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Bluetooth Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system in order to send and receive radio transmissions. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is one byte of kernel memory could be leaked back to the attacker. Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24944 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for ARM64-based Systems | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for x64-based Systems | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 20H2 for 32-bit Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for x64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for 32-bit Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for x64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for 32-bit Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for x64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Important | Information Disclosure | 5025224 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Important | Information Disclosure | 5025224 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Important | Information Disclosure | 5025239 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Important | Information Disclosure | 5025239 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows Server 2019 | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2019 (Server Core installation) | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2022 | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Information Disclosure | 5025230 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
Windows Server 2022 (Server Core installation) | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Information Disclosure | 5025230 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
CVE ID | Acknowledgements |
CVE-2023-24944 | Keqi Hu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24945
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows iSCSI Target Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24945 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5026382 (Security Update) | Important | Information Disclosure | 5025234 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 for x64-based Systems | 5026382 (Security Update) | Important | Information Disclosure | 5025234 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5026363 (Security Update) | Important | Information Disclosure | 5025228 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5026363 (Security Update) | Important | Information Disclosure | 5025228 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for ARM64-based Systems | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for x64-based Systems | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 20H2 for 32-bit Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for x64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for 32-bit Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for x64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for 32-bit Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for x64-based Systems | 5026361 (Security Update) | Important | Information Disclosure | 5025221 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Important | Information Disclosure | 5025224 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Important | Information Disclosure | 5025224 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Important | Information Disclosure | 5025239 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Important | Information Disclosure | 5025239 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Information Disclosure | 5025271 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Information Disclosure | 5025271 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Information Disclosure | 5025271 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5026408 (Monthly Rollup) 5026427 (Security Only) |
Important | Information Disclosure | 5025271 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22070 |
Yes | 5026408 5026427 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Important | Information Disclosure | 5025279 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Important | Information Disclosure | 5025279 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2012 | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Important | Information Disclosure | 5025287 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 (Server Core installation) | 5026419 (Monthly Rollup) 5026411 (Security Only) |
Important | Information Disclosure | 5025287 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24266 | Yes | None |
Windows Server 2012 R2 | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Important | Information Disclosure | 5025285 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5026415 (Monthly Rollup) 5026409 (Security Only) |
Important | Information Disclosure | 5025285 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.20969 | Yes | None |
Windows Server 2016 | 5026363 (Security Update) | Important | Information Disclosure | 5025228 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2016 (Server Core installation) | 5026363 (Security Update) | Important | Information Disclosure | 5025228 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2019 | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2019 (Server Core installation) | 5026362 (Security Update) | Important | Information Disclosure | 5025229 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2022 | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Information Disclosure | 5025230 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
Windows Server 2022 (Server Core installation) | 5026370 (Security Update) 5026456 (Security Hotpatch Update) |
Important | Information Disclosure | 5025230 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1726 10.0.20348.1724 |
Yes | 5026370 |
CVE ID | Acknowledgements |
CVE-2023-24945 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-24946
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Backup Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    09-May-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-24946 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5026382 (Security Update) | Important | Elevation of Privilege | 5025234 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 for x64-based Systems | 5026382 (Security Update) | Important | Elevation of Privilege | 5025234 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.19926 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5026363 (Security Update) | Important | Elevation of Privilege | 5025228 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5026363 (Security Update) | Important | Elevation of Privilege | 5025228 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5026362 (Security Update) | Important | Elevation of Privilege | 5025229 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for ARM64-based Systems | 5026362 (Security Update) | Important | Elevation of Privilege | 5025229 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 1809 for x64-based Systems | 5026362 (Security Update) | Important | Elevation of Privilege | 5025229 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows 10 Version 20H2 for 32-bit Systems | 5026361 (Security Update) | Important | Elevation of Privilege | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Elevation of Privilege | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 20H2 for x64-based Systems | 5026361 (Security Update) | Important | Elevation of Privilege | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19042.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for 32-bit Systems | 5026361 (Security Update) | Important | Elevation of Privilege | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Elevation of Privilege | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 21H2 for x64-based Systems | 5026361 (Security Update) | Important | Elevation of Privilege | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for 32-bit Systems | 5026361 (Security Update) | Important | Elevation of Privilege | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for ARM64-based Systems | 5026361 (Security Update) | Important | Elevation of Privilege | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 10 Version 22H2 for x64-based Systems | 5026361 (Security Update) | Important | Elevation of Privilege | 5025221 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.2965 |
Yes | 5026361 |
Windows 11 version 21H2 for ARM64-based Systems | 5026368 (Security Update) | Important | Elevation of Privilege | 5025224 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 version 21H2 for x64-based Systems | 5026368 (Security Update) | Important | Elevation of Privilege | 5025224 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1936 |
Yes | 5026368 |
Windows 11 Version 22H2 for ARM64-based Systems | 5026372 (Security Update) | Important | Elevation of Privilege | 5025239 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows 11 Version 22H2 for x64-based Systems | 5026372 (Security Update) | Important | Elevation of Privilege | 5025239 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.1702 |
Yes | 5026372 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Important | Elevation of Privilege | 5025279 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5026413 (Monthly Rollup) 5026426 (Security Only) |
Important | Elevation of Privilege | 5025279 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26519 |
Yes | 5026413 5026426 |
Windows Server 2016 | 5026363 (Security Update) | Important | Elevation of Privilege | 5025228 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2016 (Server Core installation) | 5026363 (Security Update) | Important | Elevation of Privilege | 5025228 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.5921 | Yes | None |
Windows Server 2019 | 5026362 (Security Update) | Important | Elevation of Privilege | 5025229 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
Windows Server 2019 (Server Core installation) | 5026362 (Security Update) | Important | Elevation of Privilege | 5025229 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4377 |
Yes | 5026362 |
CVE ID | Acknowledgements |
CVE-2023-24946 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2023-24947
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Bluetooth Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7 |