Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

A user would need to join a malicious Microsoft Teams meeting set up by the attacker.

According to the CVSS metric, the attack vector is network (AV:N) and privilege required is none (PR:N). What is the target used in the context of the remote code execution?

An attacker would be required to trick the victim into joining a Teams meeting which would enable them to perform remote code execution in the context of the victim user. The attacker does not need privileges to attempt to exploit this vulnerability.

According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?

An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the client machine.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

A user would need to join a malicious Microsoft Teams meeting set up by the attacker.

According to the CVSS metric, the attack vector is network (AV:N) and privilege required is none (PR:N). What is the target used in the context of the remote code execution?

An attacker would be required to trick the victim into joining a Teams meeting which would enable them to perform remote code execution in the context of the victim user. The attacker does not need privileges to attempt to exploit this vulnerability.

According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?

An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the client machine.

Information published.

Issuing CNA: Microsoft

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

According to the CVSS metrics, the attack vector is local (AV:L) and privilege required is low (PR:L). What does that mean for this vulnerability?

An attacker must have local access to the targeted machine and must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default.

Information published.

Issuing CNA: Microsoft

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?

An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.

According to the CVSS metric, the attack vector is adjacent (AV:A), and privilege required is none (PR:N). What does that mean for this vulnerability?

The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution and attempt to trigger malicious code in the context of the server's account through a network call. The attacker needs no privileges to perform this attack.

How could an attacker exploit this vulnerability?

Successful exploitation of this vulnerability could allow an attacker the ability to gain remote code execution via an in-network attacker calling arbitrary endpoints.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?

An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?

An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker would have to send the victim a malicious link that the victim would have to click for a successful attack.

According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?

While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. The impact to Confidentiality and Integrity is limited to a single Azure DevOps organization or project, depending on the victim's credentials. Impact to Availability is limited to the victim only.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to create a crafted certificate in order to validate themselves as a trusted source.

Information published.

Issuing CNA: Microsoft

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could create or delete files in the security context of the “NT AUTHORITY\ LOCAL SERVICE” account.

According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N) but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?

An attacker who successfully exploits this vulnerability cannot access existing files (C:N) but can write or overwrite file contents (I:H), which potentially may cause the system to become unavailable (A:H).

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?

An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).

The following mitigating factors might be helpful in your situation:

Exploitation of this vulnerability requires an attacker to trick or convince the victim into connecting to their malicious server. If your environment only connects to known, trusted servers and there is no ability to reconfigure existing connections to point to another location (for example you use TLS encryption with certificate validation), the vulnerability cannot be exploited.

Information published.

Issuing CNA: Microsoft

Microsoft has released an update for Microsoft Office that provides enhanced security as a defense in depth measure.

Is this advisory related to the vulnerability that is documented by CVE-2023-36884 that was issued in July 2023?

Yes, this defense in depth update is not a vulnerability, but installing this update stops the attack chain leading to the Windows Search security feature bypass vulnerability (CVE-2023-36884). Microsoft recommends installing the Office updates discussed in this advisory as well as installing the Windows updates from August 2023.

Information published.

Issuing CNA: Microsoft

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An authenticated attacker who successfully exploited this vulnerability could read specific Group Policy configuration settings.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

Information published.

Issuing CNA: Microsoft