Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

CVE Issued by Tag CVE ID CVE Title
Microsoft.NET and Visual Studio CVE-2023-36794 Visual Studio Remote Code Execution Vulnerability
Microsoft.NET and Visual Studio CVE-2023-36796 Visual Studio Remote Code Execution Vulnerability
Microsoft.NET and Visual Studio CVE-2023-36792 Visual Studio Remote Code Execution Vulnerability
Microsoft.NET and Visual Studio CVE-2023-36793 Visual Studio Remote Code Execution Vulnerability
Microsoft.NET Core & Visual Studio CVE-2023-36799 .NET Core and Visual Studio Denial of Service Vulnerability
Microsoft.NET Framework CVE-2023-36788 .NET Framework Remote Code Execution Vulnerability
Microsoft3D Builder CVE-2023-36772 3D Builder Remote Code Execution Vulnerability
Microsoft3D Builder CVE-2023-36771 3D Builder Remote Code Execution Vulnerability
Microsoft3D Builder CVE-2023-36770 3D Builder Remote Code Execution Vulnerability
Microsoft3D Builder CVE-2023-36773 3D Builder Remote Code Execution Vulnerability
Autodesk3D Viewer CVE-2022-41303 AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior
Microsoft3D Viewer CVE-2023-36760 3D Viewer Remote Code Execution Vulnerability
Microsoft3D Viewer CVE-2023-36740 3D Viewer Remote Code Execution Vulnerability
Microsoft3D Viewer CVE-2023-36739 3D Viewer Remote Code Execution Vulnerability
MicrosoftAzure DevOps CVE-2023-33136 Azure DevOps Server Remote Code Execution Vulnerability
MicrosoftAzure DevOps CVE-2023-38155 Azure DevOps Server Remote Code Execution Vulnerability
MicrosoftAzure HDInsights CVE-2023-38156 Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability
MicrosoftMicrosoft Azure Kubernetes Service CVE-2023-29332 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
MicrosoftMicrosoft Dynamics CVE-2023-38164 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
MicrosoftMicrosoft Dynamics CVE-2023-36886 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
MicrosoftMicrosoft Dynamics Finance & Operations CVE-2023-36800 Dynamics Finance and Operations Cross-site Scripting Vulnerability
ChromeMicrosoft Edge (Chromium-based) CVE-2023-4863 Chromium: CVE-2023-4863 Heap buffer overflow in WebP
ChromeMicrosoft Edge (Chromium-based) CVE-2023-4763 Chromium: CVE-2023-4763 Use after free in Networks
ChromeMicrosoft Edge (Chromium-based) CVE-2023-4761 Chromium: CVE-2023-4761 Out of bounds memory access in FedCM
ChromeMicrosoft Edge (Chromium-based) CVE-2023-4764 Chromium: CVE-2023-4764 Incorrect security UI in BFCache
ChromeMicrosoft Edge (Chromium-based) CVE-2023-4762 Chromium: CVE-2023-4762 Type Confusion in V8
MicrosoftMicrosoft Exchange Server CVE-2023-36744 Microsoft Exchange Server Remote Code Execution Vulnerability
MicrosoftMicrosoft Exchange Server CVE-2023-36756 Microsoft Exchange Server Remote Code Execution Vulnerability
MicrosoftMicrosoft Exchange Server CVE-2023-36745 Microsoft Exchange Server Remote Code Execution Vulnerability
MicrosoftMicrosoft Exchange Server CVE-2023-36777 Microsoft Exchange Server Information Disclosure Vulnerability
MicrosoftMicrosoft Exchange Server CVE-2023-36757 Microsoft Exchange Server Spoofing Vulnerability
MicrosoftMicrosoft Identity Linux Broker CVE-2023-36736 Microsoft Identity Linux Broker Remote Code Execution Vulnerability
MicrosoftMicrosoft Office CVE-2023-36767 Microsoft Office Security Feature Bypass Vulnerability
MicrosoftMicrosoft Office CVE-2023-36765 Microsoft Office Elevation of Privilege Vulnerability
MicrosoftMicrosoft Office CVE-2023-41764 Microsoft Office Spoofing Vulnerability
MicrosoftMicrosoft Office Excel CVE-2023-36766 Microsoft Excel Information Disclosure Vulnerability
MicrosoftMicrosoft Office Outlook CVE-2023-36763 Microsoft Outlook Information Disclosure Vulnerability
MicrosoftMicrosoft Office SharePoint CVE-2023-36764 Microsoft SharePoint Server Elevation of Privilege Vulnerability
MicrosoftMicrosoft Office Word CVE-2023-36761 Microsoft Word Information Disclosure Vulnerability
MicrosoftMicrosoft Office Word CVE-2023-36762 Microsoft Word Remote Code Execution Vulnerability
MicrosoftMicrosoft Streaming Service CVE-2023-36802 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
MicrosoftMicrosoft Windows Codecs Library CVE-2023-38147 Windows Miracast Wireless Display Remote Code Execution Vulnerability
MicrosoftVisual Studio CVE-2023-36758 Visual Studio Elevation of Privilege Vulnerability
MicrosoftVisual Studio CVE-2023-36759 Visual Studio Elevation of Privilege Vulnerability
MicrosoftVisual Studio Code CVE-2023-36742 Visual Studio Code Remote Code Execution Vulnerability
ElectronVisual Studio Code CVE-2023-39956 Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability
MicrosoftWindows Cloud Files Mini Filter Driver CVE-2023-35355 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
MicrosoftWindows Common Log File System Driver CVE-2023-38143 Windows Common Log File System Driver Elevation of Privilege Vulnerability
MicrosoftWindows Common Log File System Driver CVE-2023-38144 Windows Common Log File System Driver Elevation of Privilege Vulnerability
MicrosoftWindows Defender CVE-2023-38163 Windows Defender Attack Surface Reduction Security Feature Bypass
MicrosoftWindows DHCP Server CVE-2023-38152 DHCP Server Service Information Disclosure Vulnerability
MicrosoftWindows DHCP Server CVE-2023-38162 DHCP Server Service Denial of Service Vulnerability
MicrosoftWindows DHCP Server CVE-2023-36801 DHCP Server Service Information Disclosure Vulnerability
MicrosoftWindows GDI CVE-2023-36804 Windows GDI Elevation of Privilege Vulnerability
MicrosoftWindows GDI CVE-2023-38161 Windows GDI Elevation of Privilege Vulnerability
MicrosoftWindows Internet Connection Sharing (ICS) CVE-2023-38148 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
MicrosoftWindows Kernel CVE-2023-38141 Windows Kernel Elevation of Privilege Vulnerability
MicrosoftWindows Kernel CVE-2023-38142 Windows Kernel Elevation of Privilege Vulnerability
MicrosoftWindows Kernel CVE-2023-38139 Windows Kernel Elevation of Privilege Vulnerability
MicrosoftWindows Kernel CVE-2023-38140 Windows Kernel Information Disclosure Vulnerability
MicrosoftWindows Kernel CVE-2023-38150 Windows Kernel Elevation of Privilege Vulnerability
MicrosoftWindows Kernel CVE-2023-36803 Windows Kernel Information Disclosure Vulnerability
MicrosoftWindows Scripting CVE-2023-36805 Windows MSHTML Platform Security Feature Bypass Vulnerability
MicrosoftWindows TCP/IP CVE-2023-38160 Windows TCP/IP Information Disclosure Vulnerability
MicrosoftWindows TCP/IP CVE-2023-38149 Windows TCP/IP Denial of Service Vulnerability
MicrosoftWindows Themes CVE-2023-38146 Windows Themes Remote Code Execution Vulnerability

CVE-2023-4761 - Chromium: CVE-2023-4761 Out of bounds memory access in FedCM

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-4761
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2023-4761 Out of bounds memory access in FedCM
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
116.0.1938.xxx 9/7/2023 116.0.5845.179/.180

Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-23    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-4761
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
116.0.1938.76 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-4761 None

CVE-2023-4762 - Chromium: CVE-2023-4762 Type Confusion in V8

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-4762
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2023-4762 Type Confusion in V8
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
116.0.1938.xxx 9/7/2023 116.0.5845.179/.180

Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-23    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-4762
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
116.0.1938.76 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-4762 None

CVE-2023-4763 - Chromium: CVE-2023-4763 Use after free in Networks

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-4763
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2023-4763 Use after free in Networks
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
116.0.1938.xxx 9/7/2023 116.0.5845.179/.180

Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-23    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-4763
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
116.0.1938.76 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-4763 None

CVE-2023-4764 - Chromium: CVE-2023-4764 Incorrect security UI in BFCache

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-4764
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2023-4764 Incorrect security UI in BFCache
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
116.0.1938.xxx 9/7/2023 116.0.5845.179/.180

Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-23    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-4764
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
116.0.1938.76 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-4764 None

CVE-2023-35355 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-35355
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-35355
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2019 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-35355 Anonymous


CVE-2023-38162 - DHCP Server Service Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38162
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: DHCP Server Service Denial of Service Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:
None
Mitigations:

The following mitigating factors might be helpful in your situation:

Customers who have not configured their DHCP server as a failover are not affected by this vulnerability.


Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38162
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2012 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Denial of Service 5029295
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 (Server Core installation) 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Denial of Service 5029295
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 R2 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Denial of Service 5029312
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2012 R2 (Server Core installation) 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Denial of Service 5029312
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2016 5030213 (Security Update) Important Denial of Service 5029242 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Denial of Service 5029242 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Denial of Service 5029247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Denial of Service 5029247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Denial of Service 5029250
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Denial of Service 5029250
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38162 LIU An, WANG Zimeng State Grid Information & Telecommunication Co.,Ltd.


CVE-2023-38161 - Windows GDI Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38161
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows GDI Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38161
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 for x64-based Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 Version 1607 for 32-bit Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1607 for x64-based Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2012 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 (Server Core installation) 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 R2 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2012 R2 (Server Core installation) 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2016 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38161 Marcin Wiazowski working with Trend Micro Zero Day Initiative


CVE-2023-38156 - Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38156
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain domain administrator privileges.


How could an attacker exploit this vulnerability?

An authenticated attacker with access to the target HDI cluster could send a specially crafted network request to create and assign themselves as a Cluster Administrator. Cluster Administrators can read/write/delete and perform all resource service management operations.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38156
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure HDInsights Release Notes (Security Update) Important Elevation of Privilege None Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
2308221128 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38156 Lidor B. with Orca Security


CVE-2023-38152 - DHCP Server Service Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38152
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: DHCP Server Service Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:4.6
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityLow
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What type of information could be disclosed by this vulnerability?

Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.


According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. While the attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).


Mitigations:

The following mitigating factors might be helpful in your situation:

Customers who have not installed the DHCP Server Role to their server are not affected by this vulnerability.


Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38152
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Information Disclosure 5029318
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Information Disclosure 5029318
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Information Disclosure 5029318
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Information Disclosure 5029318
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Information Disclosure 5029296
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Information Disclosure 5029296
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2012 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Information Disclosure 5029295
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 (Server Core installation) 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Information Disclosure 5029295
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 R2 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Information Disclosure 5029312
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2012 R2 (Server Core installation) 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Information Disclosure 5029312
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2016 5030213 (Security Update) Important Information Disclosure 5029242 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Information Disclosure 5029242 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Information Disclosure 5029247 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Information Disclosure 5029247 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Information Disclosure 5029250
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Information Disclosure 5029250
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38152 YanZiShuang@BigCJTeam of cyberkl


CVE-2023-38150 - Windows Kernel Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38150
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.0
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityProof-of-Concept
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38150
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22621.2275 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38150 ziming zhang with Ant Security Light-Year Lab


CVE-2023-38149 - Windows TCP/IP Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38149
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows TCP/IP Denial of Service Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:
None
Mitigations:

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:

  • Systems are not affected if IPv6 is disabled on the target machine.

Workarounds:

The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place:

Disable router discovery on IPv6 interface.

You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following PowerShell command:

  • Set-NetIPInterface -InterfaceIndex [interface_index] -RouterDiscovery Disabled

You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following Network Shell (netsh) command:

  • netsh interface ipv6 set interface [interface_name] routerdiscovery=disabled

Please refer to the workaround section of this security bulletin for more information: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-006

Note:

No reboot is needed after making the change.


Revision:
1.0    12-Sep-23    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38149
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5030220 (Security Update) Important Denial of Service 5029259 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 for x64-based Systems 5030220 (Security Update) Important Denial of Service 5029259 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 Version 1607 for 32-bit Systems 5030213 (Security Update) Important Denial of Service 5029242 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1607 for x64-based Systems 5030213 (Security Update) Important Denial of Service 5029242 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Denial of Service 5029247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Denial of Service 5029247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Denial of Service 5029247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Denial of Service 5029244 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Denial of Service 5029244 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Denial of Service 5029244 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Denial of Service 5029244 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Denial of Service 5029244 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Denial of Service 5029244 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Denial of Service 5029253 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Denial of Service 5029253 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Denial of Service 5029263 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Denial of Service 5029263 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Denial of Service 5029296
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Denial of Service 5029296
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2012 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Denial of Service 5029295
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 (Server Core installation) 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Denial of Service 5029295
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 R2 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Denial of Service 5029312
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2012 R2 (Server Core installation) 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Denial of Service 5029312
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2016 5030213 (Security Update) Important Denial of Service 5029242 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Denial of Service 5029242 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Denial of Service 5029247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Denial of Service 5029247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Denial of Service 5029250
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Denial of Service 5029250
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38149 Wei in Kunlun Lab with Cyber KunLun


CVE-2023-38148 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38148
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?

This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.


How could an attacker exploit this vulnerability?

An unauthorized attacker could exploit this Internet Connection Sharing (ICS) vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service.


Mitigations:

The following mitigating factors might be helpful in your situation:

Exploitation of this vulnerability requires that the Internet Connection Sharing (ICS) is enabled.


Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38148
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Critical Remote Code Execution 5029244 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Critical Remote Code Execution 5029244 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Critical Remote Code Execution 5029244 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Critical Remote Code Execution 5029244 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Critical Remote Code Execution 5029244 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Critical Remote Code Execution 5029244 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Critical Remote Code Execution 5029253 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Critical Remote Code Execution 5029253 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Critical Remote Code Execution 5029263 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Critical Remote Code Execution 5029263 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Critical Remote Code Execution 5029250
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Critical Remote Code Execution 5029250
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38148 Anonymous


CVE-2023-38147 - Windows Miracast Wireless Display Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38147
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Miracast Wireless Display Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

Exploiting this vulnerability requires an attacker to be within proximity of the target system in order to send and receive radio transmissions.


How could an attacker exploit this vulnerability?

An unauthenticated attacker could project to a vulnerable system on the same wireless network that was configured to allow "Projecting to this PC" and marked as "Available Everywhere". This is not a default configuration.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38147
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5030220 (Security Update) Important Remote Code Execution 5029259 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 for x64-based Systems 5030220 (Security Update) Important Remote Code Execution 5029259 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 Version 1607 for 32-bit Systems 5030213 (Security Update) Important Remote Code Execution 5029242 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1607 for x64-based Systems 5030213 (Security Update) Important Remote Code Execution 5029242 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Remote Code Execution 5029247 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Remote Code Execution 5029247 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Remote Code Execution 5029247 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Remote Code Execution 5029244 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Remote Code Execution 5029244 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Remote Code Execution 5029244 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Remote Code Execution 5029244 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Remote Code Execution 5029244 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Remote Code Execution 5029244 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Remote Code Execution 5029253 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Remote Code Execution 5029253 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Remote Code Execution 5029263 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Remote Code Execution 5029263 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2016 5030213 (Security Update) Important Remote Code Execution 5029242 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Remote Code Execution 5029242 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Remote Code Execution 5029247 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Remote Code Execution 5029247 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Remote Code Execution 5029250
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Remote Code Execution 5029250
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38147 wkai with Codesafe Team of Legendsec at QI-ANXIN Group


CVE-2023-38146 - Windows Themes Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38146
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Themes Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

An attacker would need to convince a targeted user to load a Windows Themes file on a vulnerable system with access to an attacker-controlled SMB share.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38146
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Remote Code Execution 5029253 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Remote Code Execution 5029253 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Remote Code Execution 5029263 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Remote Code Execution 5029263 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38146 Gabe Kirkpatrick


Thijs Alkemade, Khaled Nassar, and Daan Keuper with Computest Sector 7


CVE-2023-38144 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38144
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38144
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 for x64-based Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 Version 1607 for 32-bit Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1607 for x64-based Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2012 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 (Server Core installation) 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 R2 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2012 R2 (Server Core installation) 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2016 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38144 Anonymous working with Trend Micro Zero Day Initiative


CVE-2023-38143 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38143
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38143
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 for x64-based Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 Version 1607 for 32-bit Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1607 for x64-based Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2012 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 (Server Core installation) 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 R2 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2012 R2 (Server Core installation) 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2016 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38143 Anonymous Trend Micro Zero Day Initiative


CVE-2023-38142 - Windows Kernel Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38142
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38142
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 for x64-based Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 Version 1607 for 32-bit Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1607 for x64-based Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2012 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 (Server Core installation) 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 R2 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2012 R2 (Server Core installation) 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2016 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38142 Zhang WangJunJie, He YiSheng, Li WenYue with Hillstone Network Security Research Institute


CVE-2023-38141 - Windows Kernel Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38141
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38141
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 for x64-based Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 Version 1607 for 32-bit Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1607 for x64-based Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2012 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 (Server Core installation) 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 R2 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2012 R2 (Server Core installation) 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2016 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38141 Mateusz Jurczyk of Google Project Zero


CVE-2023-38140 - Windows Kernel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38140
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kernel Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38140
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1607 for 32-bit Systems 5030213 (Security Update) Important Information Disclosure 5029242 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1607 for x64-based Systems 5030213 (Security Update) Important Information Disclosure 5029242 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Information Disclosure 5029247 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Information Disclosure 5029247 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Information Disclosure 5029247 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Information Disclosure 5029244 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Information Disclosure 5029244 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Information Disclosure 5029244 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Information Disclosure 5029244 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Information Disclosure 5029244 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Information Disclosure 5029244 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Information Disclosure 5029253 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Information Disclosure 5029253 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows Server 2016 5030213 (Security Update) Important Information Disclosure 5029242 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Information Disclosure 5029242 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Information Disclosure 5029247 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Information Disclosure 5029247 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Information Disclosure 5029250
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Information Disclosure 5029250
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38140 Mateusz Jurczyk of Google Project Zero


CVE-2023-38139 - Windows Kernel Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38139
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38139
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 for x64-based Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 Version 1607 for 32-bit Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1607 for x64-based Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2012 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 (Server Core installation) 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 R2 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2012 R2 (Server Core installation) 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2016 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38139 Mateusz Jurczyk of Google Project Zero


CVE-2023-36805 - Windows MSHTML Platform Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36805
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows MSHTML Platform Security Feature Bypass Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.


The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows except Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. Why are IE Cumulative updates listed for Windows Server 2012 R2?

While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.

To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.


According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?

An attacker who successfully exploited this vulnerability could maintain high privileges, which include read, write, and delete functionality.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36805
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5030220 (Security Update) Important Security Feature Bypass 5029259 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 for x64-based Systems 5030220 (Security Update) Important Security Feature Bypass 5029259 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 Version 1607 for 32-bit Systems 5030213 (Security Update) Important Security Feature Bypass 5029242 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1607 for x64-based Systems 5030213 (Security Update) Important Security Feature Bypass 5029242 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Security Feature Bypass 5029247 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Security Feature Bypass 5029247 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Security Feature Bypass 5029247 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Security Feature Bypass 5029244 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Security Feature Bypass 5029244 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Security Feature Bypass 5029244 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Security Feature Bypass 5029244 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Security Feature Bypass 5029244 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Security Feature Bypass 5029244 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Security Feature Bypass 5029253 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Security Feature Bypass 5029253 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Security Feature Bypass 5029263 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Security Feature Bypass 5029263 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2012 R2 5030269 (Monthly Rollup)
5030287 (Security Only)
5030209 (IE Cumulative)
Important Security Feature Bypass 5029312

5029243
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563
1.001
Yes None
Windows Server 2012 R2 (Server Core installation) 5030269 (Monthly Rollup)
5030287 (Security Only)
5030209 (IE Cumulative)
Important Security Feature Bypass 5029312

5029243
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563
1.001
Yes None
Windows Server 2016 5030213 (Security Update) Important Security Feature Bypass 5029242 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Security Feature Bypass 5029242 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Security Feature Bypass 5029247 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Security Feature Bypass 5029247 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Security Feature Bypass 5029250
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Security Feature Bypass 5029250
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36805 Eduardo Braun Prado working with Trend Micro Zero Day Initiative


CVE-2023-36804 - Windows GDI Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36804
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows GDI Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36804
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 for x64-based Systems 5030220 (Security Update) Important Elevation of Privilege 5029259 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20162 Yes None
Windows 10 Version 1607 for 32-bit Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1607 for x64-based Systems 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Elevation of Privilege 5029244 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Elevation of Privilege 5029253 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Elevation of Privilege 5029263 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5030271 (Monthly Rollup)
5030286 (Security Only)
Important Elevation of Privilege 5029318
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22264

6.0.6003.22262
Yes 5030271
5030286
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5030265 (Monthly Rollup)
5030261 (Security Only)
Important Elevation of Privilege 5029296
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26713
Yes 5030265
5030261
Windows Server 2012 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 (Server Core installation) 5030278 (Monthly Rollup)
5030279 (Security Only)
Important Elevation of Privilege 5029295
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24462 Yes None
Windows Server 2012 R2 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2012 R2 (Server Core installation) 5030269 (Monthly Rollup)
5030287 (Security Only)
Important Elevation of Privilege 5029312
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21563 Yes None
Windows Server 2016 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Elevation of Privilege 5029242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Elevation of Privilege 5029247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Elevation of Privilege 5029250
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36804 Marcin Wiazowski working with Trend Micro Zero Day Initiative


CVE-2023-36803 - Windows Kernel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36803
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kernel Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Sep-23    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36803
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1607 for 32-bit Systems 5030213 (Security Update) Important Information Disclosure 5029242 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1607 for x64-based Systems 5030213 (Security Update) Important Information Disclosure 5029242 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows 10 Version 1809 for 32-bit Systems 5030214 (Security Update) Important Information Disclosure 5029247 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5030214 (Security Update) Important Information Disclosure 5029247 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 1809 for x64-based Systems 5030214 (Security Update) Important Information Disclosure 5029247 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5030211 (Security Update) Important Information Disclosure 5029244 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5030211 (Security Update) Important Information Disclosure 5029244 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 21H2 for x64-based Systems 5030211 (Security Update) Important Information Disclosure 5029244 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.3448 Yes None
Windows 10 Version 22H2 for 32-bit Systems 5030211 (Security Update) Important Information Disclosure 5029244 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5030211 (Security Update) Important Information Disclosure 5029244 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 10 Version 22H2 for x64-based Systems 5030211 (Security Update) Important Information Disclosure 5029244 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.3448 Yes None
Windows 11 version 21H2 for ARM64-based Systems 5030217 (Security Update) Important Information Disclosure 5029253 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 version 21H2 for x64-based Systems 5030217 (Security Update) Important Information Disclosure 5029253 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22000.2416 Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5030219 (Security Update) Important Information Disclosure 5029263 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows 11 Version 22H2 for x64-based Systems 5030219 (Security Update) Important Information Disclosure 5029263 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.2275 Yes None
Windows Server 2016 5030213 (Security Update) Important Information Disclosure 5029242 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2016 (Server Core installation) 5030213 (Security Update) Important Information Disclosure 5029242 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.6252 Yes None
Windows Server 2019 5030214 (Security Update) Important Information Disclosure 5029247 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2019 (Server Core installation) 5030214 (Security Update) Important Information Disclosure 5029247 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.4851 Yes None
Windows Server 2022 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Information Disclosure 5029250
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216
Windows Server 2022 (Server Core installation) 5030216 (Security Update)
5030325 (AzureHotpatch)
Important Information Disclosure 5029250
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.1960
Yes 5030216

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36803</