This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | .NET and Visual Studio | CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability |
Microsoft | .NET and Visual Studio | CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability |
Microsoft | .NET and Visual Studio | CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability |
Microsoft | .NET and Visual Studio | CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability |
Microsoft | .NET Core & Visual Studio | CVE-2023-36799 | .NET Core and Visual Studio Denial of Service Vulnerability |
Microsoft | .NET Framework | CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability |
Microsoft | 3D Builder | CVE-2023-36772 | 3D Builder Remote Code Execution Vulnerability |
Microsoft | 3D Builder | CVE-2023-36771 | 3D Builder Remote Code Execution Vulnerability |
Microsoft | 3D Builder | CVE-2023-36770 | 3D Builder Remote Code Execution Vulnerability |
Microsoft | 3D Builder | CVE-2023-36773 | 3D Builder Remote Code Execution Vulnerability |
Autodesk | 3D Viewer | CVE-2022-41303 | AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior |
Microsoft | 3D Viewer | CVE-2023-36760 | 3D Viewer Remote Code Execution Vulnerability |
Microsoft | 3D Viewer | CVE-2023-36740 | 3D Viewer Remote Code Execution Vulnerability |
Microsoft | 3D Viewer | CVE-2023-36739 | 3D Viewer Remote Code Execution Vulnerability |
Microsoft | Azure DevOps | CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability |
Microsoft | Azure DevOps | CVE-2023-38155 | Azure DevOps Server Remote Code Execution Vulnerability |
Microsoft | Azure HDInsights | CVE-2023-38156 | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability |
Microsoft | Microsoft Azure Kubernetes Service | CVE-2023-29332 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability |
Microsoft | Microsoft Dynamics | CVE-2023-38164 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft | Microsoft Dynamics | CVE-2023-36886 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft | Microsoft Dynamics Finance & Operations | CVE-2023-36800 | Dynamics Finance and Operations Cross-site Scripting Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4863 | Chromium: CVE-2023-4863 Heap buffer overflow in WebP |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4763 | Chromium: CVE-2023-4763 Use after free in Networks |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4761 | Chromium: CVE-2023-4761 Out of bounds memory access in FedCM |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4764 | Chromium: CVE-2023-4764 Incorrect security UI in BFCache |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4762 | Chromium: CVE-2023-4762 Type Confusion in V8 |
Microsoft | Microsoft Exchange Server | CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Exchange Server | CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Exchange Server | CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Exchange Server | CVE-2023-36777 | Microsoft Exchange Server Information Disclosure Vulnerability |
Microsoft | Microsoft Exchange Server | CVE-2023-36757 | Microsoft Exchange Server Spoofing Vulnerability |
Microsoft | Microsoft Identity Linux Broker | CVE-2023-36736 | Microsoft Identity Linux Broker Remote Code Execution Vulnerability |
Microsoft | Microsoft Office | CVE-2023-36767 | Microsoft Office Security Feature Bypass Vulnerability |
Microsoft | Microsoft Office | CVE-2023-36765 | Microsoft Office Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office | CVE-2023-41764 | Microsoft Office Spoofing Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2023-36766 | Microsoft Excel Information Disclosure Vulnerability |
Microsoft | Microsoft Office Outlook | CVE-2023-36763 | Microsoft Outlook Information Disclosure Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2023-36764 | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office Word | CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability |
Microsoft | Microsoft Office Word | CVE-2023-36762 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft | Microsoft Streaming Service | CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability |
Microsoft | Microsoft Windows Codecs Library | CVE-2023-38147 | Windows Miracast Wireless Display Remote Code Execution Vulnerability |
Microsoft | Visual Studio | CVE-2023-36758 | Visual Studio Elevation of Privilege Vulnerability |
Microsoft | Visual Studio | CVE-2023-36759 | Visual Studio Elevation of Privilege Vulnerability |
Microsoft | Visual Studio Code | CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability |
Electron | Visual Studio Code | CVE-2023-39956 | Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability |
Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2023-35355 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2023-38143 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Defender | CVE-2023-38163 | Windows Defender Attack Surface Reduction Security Feature Bypass |
Microsoft | Windows DHCP Server | CVE-2023-38152 | DHCP Server Service Information Disclosure Vulnerability |
Microsoft | Windows DHCP Server | CVE-2023-38162 | DHCP Server Service Denial of Service Vulnerability |
Microsoft | Windows DHCP Server | CVE-2023-36801 | DHCP Server Service Information Disclosure Vulnerability |
Microsoft | Windows GDI | CVE-2023-36804 | Windows GDI Elevation of Privilege Vulnerability |
Microsoft | Windows GDI | CVE-2023-38161 | Windows GDI Elevation of Privilege Vulnerability |
Microsoft | Windows Internet Connection Sharing (ICS) | CVE-2023-38148 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability |
Microsoft | Windows Kernel | CVE-2023-38141 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2023-38142 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2023-38139 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2023-38140 | Windows Kernel Information Disclosure Vulnerability |
Microsoft | Windows Kernel | CVE-2023-38150 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2023-36803 | Windows Kernel Information Disclosure Vulnerability |
Microsoft | Windows Scripting | CVE-2023-36805 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
Microsoft | Windows TCP/IP | CVE-2023-38160 | Windows TCP/IP Information Disclosure Vulnerability |
Microsoft | Windows TCP/IP | CVE-2023-38149 | Windows TCP/IP Denial of Service Vulnerability |
Microsoft | Windows Themes | CVE-2023-38146 | Windows Themes Remote Code Execution Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2023-4761
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-4761 Out of bounds memory access in FedCM
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    07-Sep-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-4761 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
116.0.1938.76 | No | None |
CVE ID | Acknowledgements |
CVE-2023-4761 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2023-4762
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-4762 Type Confusion in V8
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    07-Sep-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-4762 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
116.0.1938.76 | No | None |
CVE ID | Acknowledgements |
CVE-2023-4762 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2023-4763
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-4763 Use after free in Networks
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    07-Sep-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-4763 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
116.0.1938.76 | No | None |
CVE ID | Acknowledgements |
CVE-2023-4763 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2023-4764
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-4764 Incorrect security UI in BFCache
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    07-Sep-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-4764 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
116.0.1938.76 | No | None |
CVE ID | Acknowledgements |
CVE-2023-4764 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-35355
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-35355 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-35355 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38162
MITRE NVD Issuing CNA: Microsoft |
CVE Title: DHCP Server Service Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: The following mitigating factors might be helpful in your situation: Customers who have not configured their DHCP server as a failover are not affected by this vulnerability. Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38162 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Denial of Service | 5029295 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 (Server Core installation) | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Denial of Service | 5029295 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 R2 | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Denial of Service | 5029312 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Denial of Service | 5029312 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Denial of Service | 5029242 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Denial of Service | 5029242 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Denial of Service | 5029247 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Denial of Service | 5029247 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Denial of Service | 5029250 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Denial of Service | 5029250 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-38162 | LIU An, WANG Zimeng State Grid Information & Telecommunication Co.,Ltd. |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38161
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows GDI Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38161 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 for x64-based Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2012 | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 (Server Core installation) | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 R2 | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-38161 | Marcin Wiazowski working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38156
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. How could an attacker exploit this vulnerability? An authenticated attacker with access to the target HDI cluster could send a specially crafted network request to create and assign themselves as a Cluster Administrator. Cluster Administrators can read/write/delete and perform all resource service management operations. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38156 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure HDInsights | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2308221128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-38156 | Lidor B. with Orca Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38152
MITRE NVD Issuing CNA: Microsoft |
CVE Title: DHCP Server Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:4.6
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. While the attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). Mitigations: The following mitigating factors might be helpful in your situation: Customers who have not installed the DHCP Server Role to their server are not affected by this vulnerability. Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38152 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Information Disclosure | 5029318 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Information Disclosure | 5029318 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Information Disclosure | 5029318 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Information Disclosure | 5029318 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Information Disclosure | 5029296 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Information Disclosure | 5029296 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2012 | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Information Disclosure | 5029295 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 (Server Core installation) | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Information Disclosure | 5029295 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 R2 | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Information Disclosure | 5029312 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Information Disclosure | 5029312 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Information Disclosure | 5029242 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Information Disclosure | 5029242 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Information Disclosure | 5029247 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Information Disclosure | 5029247 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Information Disclosure | 5029250 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Information Disclosure | 5029250 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-38152 | YanZiShuang@BigCJTeam of cyberkl |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38150
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.0
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38150 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-38150 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38149
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows TCP/IP Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:
Workarounds: The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place: Disable router discovery on IPv6 interface. You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following PowerShell command:
You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following Network Shell (netsh) command:
Please refer to the workaround section of this security bulletin for more information: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-006 Note: No reboot is needed after making the change. Revision: 1.0    12-Sep-23     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38149 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5030220 (Security Update) | Important | Denial of Service | 5029259 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 for x64-based Systems | 5030220 (Security Update) | Important | Denial of Service | 5029259 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5030213 (Security Update) | Important | Denial of Service | 5029242 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5030213 (Security Update) | Important | Denial of Service | 5029242 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Denial of Service | 5029247 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Denial of Service | 5029247 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Denial of Service | 5029247 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Denial of Service | 5029244 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Denial of Service | 5029244 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Denial of Service | 5029244 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Denial of Service | 5029244 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Denial of Service | 5029244 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Denial of Service | 5029244 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Denial of Service | 5029253 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Denial of Service | 5029253 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Denial of Service | 5029263 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Denial of Service | 5029263 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Denial of Service | 5029296 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Denial of Service | 5029296 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2012 | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Denial of Service | 5029295 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 (Server Core installation) | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Denial of Service | 5029295 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 R2 | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Denial of Service | 5029312 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Denial of Service | 5029312 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Denial of Service | 5029242 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Denial of Service | 5029242 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Denial of Service | 5029247 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Denial of Service | 5029247 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Denial of Service | 5029250 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Denial of Service | 5029250 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-38149 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38148
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network. How could an attacker exploit this vulnerability? An unauthorized attacker could exploit this Internet Connection Sharing (ICS) vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service. Mitigations: The following mitigating factors might be helpful in your situation: Exploitation of this vulnerability requires that the Internet Connection Sharing (ICS) is enabled. Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38148 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Critical | Remote Code Execution | 5029244 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Critical | Remote Code Execution | 5029244 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Critical | Remote Code Execution | 5029244 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Critical | Remote Code Execution | 5029244 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Critical | Remote Code Execution | 5029244 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Critical | Remote Code Execution | 5029244 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Critical | Remote Code Execution | 5029253 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Critical | Remote Code Execution | 5029253 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Critical | Remote Code Execution | 5029263 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Critical | Remote Code Execution | 5029263 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Critical | Remote Code Execution | 5029250 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Critical | Remote Code Execution | 5029250 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-38148 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38147
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Miracast Wireless Display Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system in order to send and receive radio transmissions. How could an attacker exploit this vulnerability? An unauthenticated attacker could project to a vulnerable system on the same wireless network that was configured to allow "Projecting to this PC" and marked as "Available Everywhere". This is not a default configuration. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38147 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5030220 (Security Update) | Important | Remote Code Execution | 5029259 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 for x64-based Systems | 5030220 (Security Update) | Important | Remote Code Execution | 5029259 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5030213 (Security Update) | Important | Remote Code Execution | 5029242 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5030213 (Security Update) | Important | Remote Code Execution | 5029242 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Remote Code Execution | 5029247 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Remote Code Execution | 5029247 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Remote Code Execution | 5029247 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Remote Code Execution | 5029244 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Remote Code Execution | 5029244 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Remote Code Execution | 5029244 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Remote Code Execution | 5029244 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Remote Code Execution | 5029244 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Remote Code Execution | 5029244 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Remote Code Execution | 5029253 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Remote Code Execution | 5029253 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Remote Code Execution | 5029263 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Remote Code Execution | 5029263 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Remote Code Execution | 5029242 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Remote Code Execution | 5029242 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Remote Code Execution | 5029247 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Remote Code Execution | 5029247 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Remote Code Execution | 5029250 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Remote Code Execution | 5029250 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-38147 | wkai with Codesafe Team of Legendsec at QI-ANXIN Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38146
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Themes Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker would need to convince a targeted user to load a Windows Themes file on a vulnerable system with access to an attacker-controlled SMB share. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38146 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Remote Code Execution | 5029253 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Remote Code Execution | 5029253 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Remote Code Execution | 5029263 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Remote Code Execution | 5029263 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-38146 | Gabe Kirkpatrick Thijs Alkemade, Khaled Nassar, and Daan Keuper with Computest Sector 7 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38144
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38144 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 for x64-based Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2012 | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 (Server Core installation) | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 R2 | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-38144 | Anonymous working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38143
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38143 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 for x64-based Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2012 | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 (Server Core installation) | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 R2 | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-38143 | Anonymous Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38142
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38142 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 for x64-based Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2012 | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 (Server Core installation) | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 R2 | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-38142 | Zhang WangJunJie, He YiSheng, Li WenYue with Hillstone Network Security Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38141
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38141 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 for x64-based Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2012 | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 (Server Core installation) | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 R2 | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-38141 | Mateusz Jurczyk of Google Project Zero |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38140
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38140 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5030213 (Security Update) | Important | Information Disclosure | 5029242 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5030213 (Security Update) | Important | Information Disclosure | 5029242 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Information Disclosure | 5029247 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Information Disclosure | 5029247 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Information Disclosure | 5029247 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Information Disclosure | 5029244 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Information Disclosure | 5029244 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Information Disclosure | 5029244 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Information Disclosure | 5029244 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Information Disclosure | 5029244 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Information Disclosure | 5029244 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Information Disclosure | 5029253 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Information Disclosure | 5029253 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Information Disclosure | 5029242 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Information Disclosure | 5029242 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Information Disclosure | 5029247 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Information Disclosure | 5029247 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Information Disclosure | 5029250 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Information Disclosure | 5029250 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-38140 | Mateusz Jurczyk of Google Project Zero |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38139
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38139 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 for x64-based Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2012 | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 (Server Core installation) | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 R2 | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-38139 | Mateusz Jurczyk of Google Project Zero |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36805
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows MSHTML Platform Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows except Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. Why are IE Cumulative updates listed for Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could maintain high privileges, which include read, write, and delete functionality. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36805 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5030220 (Security Update) | Important | Security Feature Bypass | 5029259 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 for x64-based Systems | 5030220 (Security Update) | Important | Security Feature Bypass | 5029259 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5030213 (Security Update) | Important | Security Feature Bypass | 5029242 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5030213 (Security Update) | Important | Security Feature Bypass | 5029242 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Security Feature Bypass | 5029247 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Security Feature Bypass | 5029247 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Security Feature Bypass | 5029247 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Security Feature Bypass | 5029244 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Security Feature Bypass | 5029244 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Security Feature Bypass | 5029244 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Security Feature Bypass | 5029244 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Security Feature Bypass | 5029244 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Security Feature Bypass | 5029244 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Security Feature Bypass | 5029253 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Security Feature Bypass | 5029253 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Security Feature Bypass | 5029263 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Security Feature Bypass | 5029263 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2012 R2 | 5030269 (Monthly Rollup) 5030287 (Security Only) 5030209 (IE Cumulative) |
Important | Security Feature Bypass | 5029312 5029243 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 1.001 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5030269 (Monthly Rollup) 5030287 (Security Only) 5030209 (IE Cumulative) |
Important | Security Feature Bypass | 5029312 5029243 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 1.001 |
Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Security Feature Bypass | 5029242 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Security Feature Bypass | 5029242 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Security Feature Bypass | 5029247 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Security Feature Bypass | 5029247 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Security Feature Bypass | 5029250 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Security Feature Bypass | 5029250 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-36805 | Eduardo Braun Prado working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36804
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows GDI Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36804 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 for x64-based Systems | 5030220 (Security Update) | Important | Elevation of Privilege | 5029259 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20162 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Elevation of Privilege | 5029244 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Elevation of Privilege | 5029253 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Elevation of Privilege | 5029263 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5030271 (Monthly Rollup) 5030286 (Security Only) |
Important | Elevation of Privilege | 5029318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22264 6.0.6003.22262 |
Yes | 5030271 5030286 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5030265 (Monthly Rollup) 5030261 (Security Only) |
Important | Elevation of Privilege | 5029296 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26713 |
Yes | 5030265 5030261 |
Windows Server 2012 | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 (Server Core installation) | 5030278 (Monthly Rollup) 5030279 (Security Only) |
Important | Elevation of Privilege | 5029295 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24462 | Yes | None |
Windows Server 2012 R2 | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5030269 (Monthly Rollup) 5030287 (Security Only) |
Important | Elevation of Privilege | 5029312 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21563 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Elevation of Privilege | 5029242 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Elevation of Privilege | 5029247 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Elevation of Privilege | 5029250 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-36804 | Marcin Wiazowski working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36803
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Mitigations: None Workarounds: None Revision: 1.0    12-Sep-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36803 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5030213 (Security Update) | Important | Information Disclosure | 5029242 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5030213 (Security Update) | Important | Information Disclosure | 5029242 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5030214 (Security Update) | Important | Information Disclosure | 5029247 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5030214 (Security Update) | Important | Information Disclosure | 5029247 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5030214 (Security Update) | Important | Information Disclosure | 5029247 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5030211 (Security Update) | Important | Information Disclosure | 5029244 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Information Disclosure | 5029244 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5030211 (Security Update) | Important | Information Disclosure | 5029244 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3448 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5030211 (Security Update) | Important | Information Disclosure | 5029244 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5030211 (Security Update) | Important | Information Disclosure | 5029244 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5030211 (Security Update) | Important | Information Disclosure | 5029244 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3448 | Yes | None |
Windows 11 version 21H2 for ARM64-based Systems | 5030217 (Security Update) | Important | Information Disclosure | 5029253 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5030217 (Security Update) | Important | Information Disclosure | 5029253 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2416 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5030219 (Security Update) | Important | Information Disclosure | 5029263 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5030219 (Security Update) | Important | Information Disclosure | 5029263 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.2275 | Yes | None |
Windows Server 2016 | 5030213 (Security Update) | Important | Information Disclosure | 5029242 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2016 (Server Core installation) | 5030213 (Security Update) | Important | Information Disclosure | 5029242 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6252 | Yes | None |
Windows Server 2019 | 5030214 (Security Update) | Important | Information Disclosure | 5029247 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2019 (Server Core installation) | 5030214 (Security Update) | Important | Information Disclosure | 5029247 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.4851 | Yes | None |
Windows Server 2022 | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Information Disclosure | 5029250 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
Windows Server 2022 (Server Core installation) | 5030216 (Security Update) 5030325 (AzureHotpatch) |
Important | Information Disclosure | 5029250 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.1960 |
Yes | 5030216 |
CVE ID | Acknowledgements |
CVE-2023-36803 |