Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
.NET and Visual Studio CVE-2023-21808 .NET and Visual Studio Remote Code Execution Vulnerability
.NET Framework CVE-2023-21722 .NET Framework Denial of Service Vulnerability
3D Builder CVE-2023-23390 3D Builder Remote Code Execution Vulnerability
3D Builder CVE-2023-23377 3D Builder Remote Code Execution Vulnerability
3D Builder CVE-2023-23378 Print 3D Remote Code Execution Vulnerability
Azure App Service CVE-2023-21777 Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability
Azure Data Box Gateway CVE-2023-21703 Azure Data Box Gateway Remote Code Execution Vulnerability
Azure DevOps CVE-2023-21564 Azure DevOps Server Cross-Site Scripting Vulnerability
Azure DevOps CVE-2023-21553 Azure DevOps Server Remote Code Execution Vulnerability
Azure Machine Learning CVE-2023-23382 Azure Machine Learning Compute Instance Information Disclosure Vulnerability
HoloLens CVE-2019-15126 MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device
Internet Storage Name Service CVE-2023-21699 Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability
Internet Storage Name Service CVE-2023-21697 Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability
Mariner CVE-2022-43552 Unknown
Microsoft Defender for Endpoint CVE-2023-21809 Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
Microsoft Defender for IoT CVE-2023-23379 Microsoft Defender for IoT Elevation of Privilege Vulnerability
Microsoft Dynamics CVE-2023-21807 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics CVE-2023-21573 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics CVE-2023-21571 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics CVE-2023-21572 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics CVE-2023-21778 Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability
Microsoft Dynamics CVE-2023-21570 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Edge (Chromium-based) CVE-2023-23374 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) CVE-2023-21794 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) CVE-2023-21720 Microsoft Edge (Chromium-based) Tampering Vulnerability
Microsoft Exchange Server CVE-2023-21710 Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2023-21707 Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2023-21706 Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2023-21529 Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2023-21804 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2023-21823 Windows Graphics Component Remote Code Execution Vulnerability
Microsoft Office CVE-2023-21714 Microsoft Office Information Disclosure Vulnerability
Microsoft Office OneNote CVE-2023-21721 Microsoft OneNote Spoofing Vulnerability
Microsoft Office Publisher CVE-2023-21715 Microsoft Publisher Security Features Bypass Vulnerability
Microsoft Office SharePoint CVE-2023-21717 Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft Office Word CVE-2023-21716 Microsoft Word Remote Code Execution Vulnerability
Microsoft PostScript Printer Driver CVE-2023-21693 Microsoft PostScript Printer Driver Information Disclosure Vulnerability
Microsoft PostScript Printer Driver CVE-2023-21801 Microsoft PostScript Printer Driver Remote Code Execution Vulnerability
Microsoft PostScript Printer Driver CVE-2023-21684 Microsoft PostScript Printer Driver Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL CVE-2023-21686 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL CVE-2023-21685 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL CVE-2023-21799 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2023-21802 Windows Media Remote Code Execution Vulnerability
Power BI CVE-2023-21806 Power BI Report Server Spoofing Vulnerability
SQL Server CVE-2023-21713 Microsoft SQL Server Remote Code Execution Vulnerability
SQL Server CVE-2023-21718 Microsoft SQL ODBC Driver Remote Code Execution Vulnerability
SQL Server CVE-2023-21528 Microsoft SQL Server Remote Code Execution Vulnerability
SQL Server CVE-2023-21705 Microsoft SQL Server Remote Code Execution Vulnerability
SQL Server CVE-2023-21568 Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability
SQL Server CVE-2023-21704 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Visual Studio CVE-2023-21566 Visual Studio Elevation of Privilege Vulnerability
Visual Studio CVE-2023-21815 Visual Studio Remote Code Execution Vulnerability
Visual Studio CVE-2023-23381 Visual Studio Remote Code Execution Vulnerability
Visual Studio CVE-2023-21567 Visual Studio Denial of Service Vulnerability
Windows Active Directory CVE-2023-21816 Windows Active Directory Domain Services API Denial of Service Vulnerability
Windows ALPC CVE-2023-21688 NT OS Kernel Elevation of Privilege Vulnerability
Windows Common Log File System Driver CVE-2023-23376 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver CVE-2023-21812 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Cryptographic Services CVE-2023-21813 Windows Secure Channel Denial of Service Vulnerability
Windows Cryptographic Services CVE-2023-21819 Windows Secure Channel Denial of Service Vulnerability
Windows Distributed File System (DFS) CVE-2023-21820 Windows Distributed File System (DFS) Remote Code Execution Vulnerability
Windows Fax and Scan Service CVE-2023-21694 Windows Fax Service Remote Code Execution Vulnerability
Windows HTTP.sys CVE-2023-21687 HTTP.sys Information Disclosure Vulnerability
Windows Installer CVE-2023-21800 Windows Installer Elevation of Privilege Vulnerability
Windows iSCSI CVE-2023-21803 Windows iSCSI Discovery Service Remote Code Execution Vulnerability
Windows iSCSI CVE-2023-21700 Windows iSCSI Discovery Service Denial of Service Vulnerability
Windows iSCSI CVE-2023-21702 Windows iSCSI Service Denial of Service Vulnerability
Windows iSCSI CVE-2023-21811 Windows iSCSI Service Denial of Service Vulnerability
Windows Kerberos CVE-2023-21817 Windows Kerberos Elevation of Privilege Vulnerability
Windows MSHTML Platform CVE-2023-21805 Windows MSHTML Platform Remote Code Execution Vulnerability
Windows ODBC Driver CVE-2023-21797 Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows ODBC Driver CVE-2023-21798 Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Protected EAP (PEAP) CVE-2023-21695 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
Windows Protected EAP (PEAP) CVE-2023-21701 Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability
Windows Protected EAP (PEAP) CVE-2023-21692 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
Windows Protected EAP (PEAP) CVE-2023-21691 Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability
Windows Protected EAP (PEAP) CVE-2023-21690 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
Windows Protected EAP (PEAP) CVE-2023-21689 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
Windows SChannel CVE-2023-21818 Windows Secure Channel Denial of Service Vulnerability
Windows Win32K CVE-2023-21822 Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2023-21528 - Microsoft SQL Server Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21528
CVE Title: Microsoft SQL Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update number | Title | Apply if current product version is… | This security update also includes servicing releases up through…
5021522 | Security update for SQL Server 2022 RTM+GDR (Feb 2023) | 16.0.1000.6 | N/A
5021124 | Security update for SQL Server 2019 CU18+GDR (Feb 2023) | 15.0.4003.23 - 15.0.4261.1 | KB 5017593 – SQL2019 RTM CU18
5021125 | Security update for SQL Server 2019 RTM+GDR (Feb 2023) | 15.0.2000.5 - 15.0.2095.3 | KB 5014356 - Previous SQL2019 RTM GDR
5021126 | Security update for SQL Server 2017 CU31+GDR (Feb 2023) | 14.0.3006.16 - 14.0.3456.2 | KB 5016884 – SQL2017 RTM CU31
5021127 | Security update for SQL Server 2017 RTM+GDR (Feb 2023) | 14.0.1000.169 - 14.0.2042.3 | KB 5014354 - Previous SQL2017 RTM GDR
5021128 | Security update for SQL Server 2016 SP3 Azure Connect Feature Pack+GDR (Feb 2023) | 13.0.7000.253 - 13.0.7016.1 | KB 5015371 - Previous Azure Connect Feature Pack GDR
5021129 | Security update for SQL Server 2016 SP3+GDR (Feb 2023) | 13.0.6300.2 - 13.0.6419.1 | KB 5014355 - Previous SQL2016 SP3 GDR
5021045 | Security update for SQL Server 2014 SP3 CU4+GDR (Feb 2023) | 12.0.6205.1 - 12.0.6439.10 | KB 5014164 – SQL2014 SP3 CU4
5021037 | Security update for SQL Server 2014 SP3+GDR (Feb 2023) | 12.0.6024.0 - 12.0.6169.19 | KB 5014165 - Previous SQL2014 SP3 GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If the SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If the SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If the SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21528
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) 5021045 (Security Update) Important Remote Code Execution 5014164 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) 5021037 (Security Update) Important Remote Code Execution 5014165 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4) 5021045 (Security Update) Important Remote Code Execution 5014164 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) 5021037 (Security Update) Important Remote Code Execution 5014165 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) 5021129 (Security Update) Important Remote Code Execution 5014355 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack 5021128 (Security Update) Important Remote Code Execution 5015371 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft SQL Server 2017 for x64-based Systems (CU 31) 5021126 (Security Update) Important Remote Code Execution 5014553 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft SQL Server 2017 for x64-based Systems (GDR) 5021127 (Security Update) Important Remote Code Execution 5014354 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft SQL Server 2019 for x64-based Systems (CU 18) 5021124 (Security Update) Important Remote Code Execution 5014353 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft SQL Server 2019 for x64-based Systems (GDR) 5021125 (Security Update) Important Remote Code Execution 5014356 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft SQL Server 2022 for x64-based Systems (GDR) 5021522 (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21528 Nicolas Joly of MSRC


CVE-2023-21684 - Microsoft PostScript Printer Driver Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21684
CVE Title: Microsoft PostScript Printer Driver Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

How could an attacker exploit this vulnerability?

An authenticated attacker could send a specially crafted file to a shared printer. This could result in arbitrary code execution on the system that is sharing the printer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21684
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5022858 (Security Update) Important Remote Code Execution 5022297 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5022858 (Security Update) Important Remote Code Execution 5022297 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5022838 (Security Update) Important Remote Code Execution 5022289 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5022838 (Security Update) Important Remote Code Execution 5022289 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5022834 (Security Update) Important Remote Code Execution 5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5022834 (Security Update) Important Remote Code Execution 5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5022834 (Security Update) Important Remote Code Execution 5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 22H2 for 32-bit Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 22H2 for ARM64-based Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 22H2 for x64-based Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 version 21H2 for ARM64-based Systems 5022836 (Security Update) Important Remote Code Execution 5022287 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 version 21H2 for x64-based Systems 5022836 (Security Update) Important Remote Code Execution 5022287 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 Version 22H2 for ARM64-based Systems 5022845 (Security Update) Important Remote Code Execution 5022303
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 Version 22H2 for x64-based Systems 5022845 (Security Update) Important Remote Code Execution 5022303
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5022890 (Monthly Rollup)
5022893 (Security Only)
Important Remote Code Execution 5022340
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5022890 (Monthly Rollup)
5022893 (Security Only)
Important Remote Code Execution 5022340
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5022890 (Monthly Rollup)
5022893 (Security Only)
Important Remote Code Execution 5022340
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5022890 (Monthly Rollup)
5022893 (Security Only)
Important Remote Code Execution 5022340
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5022872 (Monthly Rollup)
5022874 (Security Only)
Important Remote Code Execution 5022338
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5022872 (Monthly Rollup)
5022874 (Security Only)
Important Remote Code Execution 5022338
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5022903 (Monthly Rollup)
5022895 (Security Only)
Important Remote Code Execution 5022348
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5022903 (Monthly Rollup)
5022895 (Security Only)
Important Remote Code Execution 5022348
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5022899 (Monthly Rollup)
5022894 (Security Only)
Important Remote Code Execution 5022352
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5022899 (Monthly Rollup)
5022894 (Security Only)
Important Remote Code Execution 5022352
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5022838 (Security Update) Important Remote Code Execution 5022289 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5022838 (Security Update) Important Remote Code Execution 5022289 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5022842 (Security Update) Important Remote Code Execution 5022291
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5022842 (Security Update) Important Remote Code Execution 5022291
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21684 kap0k


CVE-2023-21777 - Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21777
CVE Title: Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 8.7/7.6
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: Low
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metrics, the attack vector is local (AV:L) and privilege required is low (PR:L). What does that mean for this vulnerability?

An attacker must have access to the targeted worker role and the ability to deploy a malicious application within the worker. The attack itself is carried out locally on the worker role where a malicious application has been deployed.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to the attacker gaining the ability to interact with other tenants' applications and content.


According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and major loss of integrity (I:H) but have low effect on availability (A:L). What does that mean for this vulnerability?

Exploiting this vulnerability could enable an attacker to access and modify the content of a targeted application or workload, leading to major loss of confidentiality and integrity. The attacker cannot fully deny service availability across all infrastructure, hence the low effect on availability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21777
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Azure App Service on Azure Stack Hub Release Notes (App Service Installer) Important Elevation of Privilege None Base: 8.7
Temporal: 7.6
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21777 Denis Faiustov; Ruslan Sayfiev


CVE-2023-21778 - Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21778
CVE Title: Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.3/7.2
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of the vulnerability requires that a user open a specially crafted file.

  • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

In this case, the attack is carried out over the webpage, but it compromises the web server running the page. In addition, the attacker might be able to call the victim's local files in the Resources directory and execute Windows commands that are outside of the Dynamics application.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

The attacker must be authenticated to be able to exploit this vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21778
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Dynamics 365 Unified Service Desk Important Remote Code Execution None Base: 8.3
Temporal: 7.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21778 Erik Donker with Vattenfall; Erik Donker


CVE-2023-21794 - Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21794
CVE Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS:

CVSS:3.1 4.3/3.9
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
Temporal score metrics
Exploit Code Maturity: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?

The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.


What is the version information for this release?

Microsoft Edge Version | Date Released | Based on Chromium Version
110.0.1587.41 | 2/9/2023 | 110.0.5481.78

Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-09T08:00:00    

Information published.


Maximum Severity Rating: Low
Vulnerability Impact: Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21794
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Low | Spoofing | None | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | No

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21794 Anonymous


CVE-2023-21806 - Power BI Report Server Spoofing Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21806
CVE Title: Power BI Report Server Spoofing Vulnerability
CVSS:

CVSS:3.1 8.2/7.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: Low
Availability: Low
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker would have to send the victim a malicious file that the victim would have to execute.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

The attacker must have permissions to access the target domain environment to be able to exploit this vulnerability.


According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?

There could be a loss of confidentiality if an unaware user clicked on a popup, thereby creating an opportunity for an attacker to retrieve cookies or present the user with a dialog box to enter user credentials.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?

The attacker cannot fully deny service availability across all infrastructure, hence low effect on availability.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?

An attacker could modify the contents of a reports file, creating the potential opportunity for JavaScript to be run as part of the Spoofing vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21806
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required
Power BI Report Server - January 2023 | 5023884 (Security Update) | Important | Spoofing | None | Base: 8.2; Temporal: 7.1; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21806 Steffen Langenfeld and Sebastian Biehler


CVE-2023-21807 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21807
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS:

CVSS:3.1 5.8/5.1
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21807
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required
Microsoft Dynamics 365 (on-premises) version 9.0 | 5022994 (Security Update) | Important | Spoofing | None | Base: 5.8; Temporal: 5.1; Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Maybe
Microsoft Dynamics 365 (on-premises) version 9.1 | 5023001 (Security Update) | Important | Spoofing | None | Base: 5.8; Temporal: 5.1; Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21807 batram


CVE-2023-21704 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21704
CVE Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update number | Title | Apply if current product version is… | This security update also includes servicing releases up through…
5021522 | Security update for SQL Server 2022 RTM+GDR (Feb 2023) | 16.0.1000.6 | N/A
5021124 | Security update for SQL Server 2019 CU18+GDR (Feb 2023) | 15.0.4003.23 - 15.0.4261.1 | KB 5017593 – SQL2019 RTM CU18
5021125 | Security update for SQL Server 2019 RTM+GDR (Feb 2023) | 15.0.2000.5 - 15.0.2095.3 | KB 5014356 - Previous SQL2019 RTM GDR
5021126 | Security update for SQL Server 2017 CU31+GDR (Feb 2023) | 14.0.3006.16 - 14.0.3456.2 | KB 5016884 – SQL2017 RTM CU31
5021127 | Security update for SQL Server 2017 RTM+GDR (Feb 2023) | 14.0.1000.169 - 14.0.2042.3 | KB 5014354 - Previous SQL2017 RTM GDR
5021128 | Security update for SQL Server 2016 SP3 Azure Connect Feature Pack+GDR (Feb 2023) | 13.0.7000.253 - 13.0.7016.1 | KB 5015371 - Previous Azure Connect Feature Pack GDR
5021129 | Security update for SQL Server 2016 SP3+GDR (Feb 2023) | 13.0.6300.2 - 13.0.6419.1 | KB 5014355 - Previous SQL2016 SP3 GDR
5021045 | Security update for SQL Server 2014 SP3 CU4+GDR (Feb 2023) | 12.0.6205.1 - 12.0.6439.10 | KB 5014164 – SQL2014 SP3 CU4
5021037 | Security update for SQL Server 2014 SP3+GDR (Feb 2023) | 12.0.6024.0 - 12.0.6169.19 | KB 5014165 - Previous SQL2014 SP3 GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If the SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If the SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If the SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by tricking an unauthenticated user into attempting to connect to a malicious SQL Server database via ODBC. This could result in the database returning malicious data that might cause arbitrary code execution on the client.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21704
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) | 5021045 (Security Update) | Important | Remote Code Execution | 5014164 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) | 5021037 (Security Update) | Important | Remote Code Execution | 5014165 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4) | 5021045 (Security Update) | Important | Remote Code Execution | 5014164 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) | 5021037 (Security Update) | Important | Remote Code Execution | 5014165 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5021129 (Security Update) | Important | Remote Code Execution | 5014355 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack | 5021128 (Security Update) | Important | Remote Code Execution | 5015371 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5021126 (Security Update) | Important | Remote Code Execution | 5014553 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5021127 (Security Update) | Important | Remote Code Execution | 5014354 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2019 for x64-based Systems (CU 18) | 5021124 (Security Update) | Important | Remote Code Execution | 5014353 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5021125 (Security Update) | Important | Remote Code Execution | 5014356 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5021522 (Security Update) | Important | Remote Code Execution | None | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21704 hexb1n


CVE-2023-21705 - Microsoft SQL Server Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21705
CVE Title: Microsoft SQL Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


According to the CVSS metric, the attack vector is network (AV:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?

The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.

The privilege requirement is low because the attacker needs to be authenticated as a normal user.


There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update number | Title | Apply if current product version is… | This security update also includes servicing releases up through…
5021522 | Security update for SQL Server 2022 RTM+GDR (Feb 2023) | 16.0.1000.6 | N/A
5021124 | Security update for SQL Server 2019 CU18+GDR (Feb 2023) | 15.0.4003.23 - 15.0.4261.1 | KB 5017593 – SQL2019 RTM CU18
5021125 | Security update for SQL Server 2019 RTM+GDR (Feb 2023) | 15.0.2000.5 - 15.0.2095.3 | KB 5014356 - Previous SQL2019 RTM GDR
5021126 | Security update for SQL Server 2017 CU31+GDR (Feb 2023) | 14.0.3006.16 - 14.0.3456.2 | KB 5016884 – SQL2017 RTM CU31
5021127 | Security update for SQL Server 2017 RTM+GDR (Feb 2023) | 14.0.1000.169 - 14.0.2042.3 | KB 5014354 - Previous SQL2017 RTM GDR
5021128 | Security update for SQL Server 2016 SP3 Azure Connect Feature Pack+GDR (Feb 2023) | 13.0.7000.253 - 13.0.7016.1 | KB 5015371 - Previous Azure Connect Feature Pack GDR
5021129 | Security update for SQL Server 2016 SP3+GDR (Feb 2023) | 13.0.6300.2 - 13.0.6419.1 | KB 5014355 - Previous SQL2016 SP3 GDR
5021045 | Security update for SQL Server 2014 SP3 CU4+GDR (Feb 2023) | 12.0.6205.1 - 12.0.6439.10 | KB 5014164 – SQL2014 SP3 CU4
5021037 | Security update for SQL Server 2014 SP3+GDR (Feb 2023) | 12.0.6024.0 - 12.0.6169.19 | KB 5014165 - Previous SQL2014 SP3 GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If the SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If the SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If the SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:

Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21705
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) | 5021045 (Security Update) | Important | Remote Code Execution | 5014164 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) | 5021037 (Security Update) | Important | Remote Code Execution | 5014165 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4) | 5021045 (Security Update) | Important | Remote Code Execution | 5014164 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) | 5021037 (Security Update) | Important | Remote Code Execution | 5014165 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5021129 (Security Update) | Important | Remote Code Execution | 5014355 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack | 5021128 (Security Update) | Important | Remote Code Execution | 5015371 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5021126 (Security Update) | Important | Remote Code Execution | 5014553 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5021127 (Security Update) | Important | Remote Code Execution | 5014354 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2019 for x64-based Systems (CU 18) | 5021124 (Security Update) | Important | Remote Code Execution | 5014353 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5021125 (Security Update) | Important | Remote Code Execution | 5014356 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5021522 (Security Update) | Important | Remote Code Execution | None | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21705 Andrew Ruddick with Microsoft Security Response Center


CVE-2023-21706 - Microsoft Exchange Server Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21706
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?

Yes, the attacker must be authenticated.


According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution?

The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation More Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21706
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required
Microsoft Exchange Server 2013 Cumulative Update 23 | 5023038 (Security Update) | Important | Remote Code Execution | 5019758 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Microsoft Exchange Server 2016 Cumulative Update 23 | 5023038 (Security Update) | Important | Remote Code Execution | 5019758 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Microsoft Exchange Server 2019 Cumulative Update 11 | 5023038 (Security Update) | Important | Remote Code Execution | 5019758 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Microsoft Exchange Server 2019 Cumulative Update 12 | 5023038 (Security Update) | Important | Remote Code Execution | 5019758 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21706 zcgonvh with 360 noah lab


CVE-2023-21707 - Microsoft Exchange Server Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21707
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?

Yes, the attacker must be authenticated.


According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution?

The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation More Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21707
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required
Microsoft Exchange Server 2013 Cumulative Update 23 | 5023038 (Security Update) | Important | Remote Code Execution | 5019758 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Microsoft Exchange Server 2016 Cumulative Update 23 | 5023038 (Security Update) | Important | Remote Code Execution | 5019758 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Microsoft Exchange Server 2019 Cumulative Update 11 | 5023038 (Security Update) | Important | Remote Code Execution | 5019758 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Microsoft Exchange Server 2019 Cumulative Update 12 | 5023038 (Security Update) | Important | Remote Code Execution | 5019758 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21707 Nguyễn Tiến Giang (Jang) with STAR Labs SG Pte. Ltd.


CVE-2023-21718 - Microsoft SQL ODBC Driver Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21718
CVE Title: Microsoft SQL ODBC Driver Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update number | Title | Apply if current product version is… | This security update also includes servicing releases up through…
5021522 | Security update for SQL Server 2022 RTM+GDR (Feb 2023) | 16.0.1000.6 | N/A
5021124 | Security update for SQL Server 2019 CU18+GDR (Feb 2023) | 15.0.4003.23 - 15.0.4261.1 | KB 5017593 – SQL2019 RTM CU18
5021125 | Security update for SQL Server 2019 RTM+GDR (Feb 2023) | 15.0.2000.5 - 15.0.2095.3 | KB 5014356 - Previous SQL2019 RTM GDR
5021126 | Security update for SQL Server 2017 CU31+GDR (Feb 2023) | 14.0.3006.16 - 14.0.3456.2 | KB 5016884 – SQL2017 RTM CU31
5021127 | Security update for SQL Server 2017 RTM+GDR (Feb 2023) | 14.0.1000.169 - 14.0.2042.3 | KB 5014354 - Previous SQL2017 RTM GDR
5021128 | Security update for SQL Server 2016 SP3 Azure Connect Feature Pack+GDR (Feb 2023) | 13.0.7000.253 - 13.0.7016.1 | KB 5015371 - Previous Azure Connect Feature Pack GDR
5021129 | Security update for SQL Server 2016 SP3+GDR (Feb 2023) | 13.0.6300.2 - 13.0.6419.1 | KB 5014355 - Previous SQL2016 SP3 GDR
5021045 | Security update for SQL Server 2014 SP3 CU4+GDR (Feb 2023) | 12.0.6205.1 - 12.0.6439.10 | KB 5014164 – SQL2014 SP3 CU4
5021037 | Security update for SQL Server 2014 SP3+GDR (Feb 2023) | 12.0.6024.0 - 12.0.6169.19 | KB 5014165 - Previous SQL2014 SP3 GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by tricking an unauthenticated user into attempting to connect to a malicious SQL Server database via ODBC. This could result in the database returning malicious data that might cause arbitrary code execution on the client.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21718
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) | 5021045 (Security Update) | Critical | Remote Code Execution | 5014164 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) | 5021037 (Security Update) | Critical | Remote Code Execution | 5014165 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4) | 5021045 (Security Update) | Critical | Remote Code Execution | 5014164 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) | 5021037 (Security Update) | Critical | Remote Code Execution | 5014165 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5021129 (Security Update) | Critical | Remote Code Execution | 5014355 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack | 5021128 (Security Update) | Critical | Remote Code Execution | 5015371 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5021126 (Security Update) | Critical | Remote Code Execution | 5014553 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5021127 (Security Update) | Critical | Remote Code Execution | 5014354 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2019 for x64-based Systems (CU 18) | 5021124 (Security Update) | Critical | Remote Code Execution | 5014353 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5021125 (Security Update) | Critical | Remote Code Execution | 5014356 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5021522 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21718 Anonymous


CVE-2023-21720 - Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21720
CVE Title: Microsoft Edge (Chromium-based) Tampering Vulnerability
CVSS:

CVSS:3.1 5.3/4.8
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics
Exploit Code Maturity: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.


Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?

Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. Specifically, the guidelines state: "If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded". The CVSS scoring system doesn't allow for this type of nuance.


How could an attacker exploit this vulnerability via the Network?

An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.


According to the CVSS metric, successful exploitation of this vulnerability could lead to loss of availability (A:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires the user to click on a malicious URL or an embedded link in an email message, which could lead to denial of service (DoS) or cause the browser to crash.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-03T08:00:00    

Information published.


Low Tampering

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21720
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Low | Tampering | None | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | No

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21720 William Brown with SUSE


CVE-2023-21721 - Microsoft OneNote Spoofing Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21721
CVE Title: Microsoft OneNote Spoofing Vulnerability
CVSS:

CVSS:3.1 6.5/5.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.


How do I get the update for a Windows App?

The Microsoft Store will automatically update affected customers.

It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: Get updates for apps and games in Microsoft Store. Be sure to select the tab for the operating system installed on your device to search for updates.


According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H). What does that mean for this vulnerability?

An authenticated attacker could impersonate another user to perform actions.


How do I get the update for OneNote for Android?

Please reference How to update the Play Store & apps on Android - Google Play Help for guidance.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21721
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft OneNote for Android | Release Notes (Security Update) | Important | Spoofing | None | Base: 6.5; Temporal: 5.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21721 Dimitrios Valsamaras with Microsoft


CVE-2023-21566 - Visual Studio Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21566
CVE Title: Visual Studio Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21566
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft Visual Studio 2022 version 17.0 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft Visual Studio 2022 version 17.2 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21566 Filip Dragovic with Infigo IS


CVE-2023-21567 - Visual Studio Denial of Service Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21567
CVE Title: Visual Studio Denial of Service Vulnerability
CVSS:

CVSS:3.1 5.6/5.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: High
Temporal score metrics
Exploit Code Maturity: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of this vulnerability requires that a local user executes the Visual Studio installer.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?

An attacker who successfully exploited this vulnerability could affect integrity by replacing one file with another.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21567
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.6; Temporal: 5.1; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C | Maybe
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.6; Temporal: 5.1; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C | Maybe
Microsoft Visual Studio 2022 version 17.0 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.6; Temporal: 5.1; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C | Maybe
Microsoft Visual Studio 2022 version 17.2 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.6; Temporal: 5.1; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C | Maybe
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.6; Temporal: 5.1; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21567 ycdxsb with VARAS@IIE


CVE-2023-21568 - Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21568
CVE Title: Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.3/6.4
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must convince the user to open a file on a malicious SQL server.


There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update number | Title | Apply if current product version is… | This security update also includes servicing releases up through…
5021522 | Security update for SQL Server 2022 RTM+GDR (Feb 2023) | 16.0.1000.6 | N/A
5021124 | Security update for SQL Server 2019 CU18+GDR (Feb 2023) | 15.0.4003.23 - 15.0.4261.1 | KB 5017593 – SQL2019 RTM CU18
5021125 | Security update for SQL Server 2019 RTM+GDR (Feb 2023) | 15.0.2000.5 - 15.0.2095.3 | KB 5014356 - Previous SQL2019 RTM GDR
5021126 | Security update for SQL Server 2017 CU31+GDR (Feb 2023) | 14.0.3006.16 - 14.0.3456.2 | KB 5016884 – SQL2017 RTM CU31
5021127 | Security update for SQL Server 2017 RTM+GDR (Feb 2023) | 14.0.1000.169 - 14.0.2042.3 | KB 5014354 - Previous SQL2017 RTM GDR
5021128 | Security update for SQL Server 2016 SP3 Azure Connect Feature Pack+GDR (Feb 2023) | 13.0.7000.253 - 13.0.7016.1 | KB 5015371 - Previous Azure Connect Feature Pack GDR
5021129 | Security update for SQL Server 2016 SP3+GDR (Feb 2023) | 13.0.6300.2 - 13.0.6419.1 | KB 5014355 - Previous SQL2016 SP3 GDR
5021045 | Security update for SQL Server 2014 SP3 CU4+GDR (Feb 2023) | 12.0.6205.1 - 12.0.6439.10 | KB 5014164 – SQL2014 SP3 CU4
5021037 | Security update for SQL Server 2014 SP3+GDR (Feb 2023) | 12.0.6024.0 - 12.0.6169.19 | KB 5014165 - Previous SQL2014 SP3 GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21568
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) | 5021045 (Security Update) | Important | Remote Code Execution | 5014164 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) | 5021037 (Security Update) | Important | Remote Code Execution | 5014165 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4) | 5021045 (Security Update) | Important | Remote Code Execution | 5014164 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) | 5021037 (Security Update) | Important | Remote Code Execution | 5014165 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5021129 (Security Update) | Important | Remote Code Execution | 5014355 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack | 5021128 (Security Update) | Important | Remote Code Execution | 5015371 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5021126 (Security Update) | Important | Remote Code Execution | 5014553 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5021127 (Security Update) | Important | Remote Code Execution | 5014354 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2019 for x64-based Systems (CU 18) | 5021124 (Security Update) | Important | Remote Code Execution | 5014353 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5021125 (Security Update) | Important | Remote Code Execution | 5014356 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5021522 (Security Update) | Important | Remote Code Execution | None | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21568 Andrew Ruddick with Microsoft Security Response Center


CVE-2023-21570 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21570
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS:

CVSS:3.1 5.4/4.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L). What does that mean for this vulnerability?

Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?

The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21570
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Dynamics 365 (on-premises) version 9.0 | 5022994 (Security Update) | Important | Spoofing | None | Base: 5.4; Temporal: 4.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C | Maybe
Microsoft Dynamics 365 (on-premises) version 9.1 | 5023001 (Security Update) | Important | Spoofing | None | Base: 5.4; Temporal: 4.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21570 batram


CVE-2023-21571 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21571
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS:

CVSS:3.1 5.4/4.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L). What does that mean for this vulnerability?

Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?

The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2023-02-14T08:00:00    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21571
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Dynamics 365 (on-premises) version 9.0 | 5022994 (Security Update) | Important | Spoofing | None | Base: 5.4; Temporal: 4.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C | Maybe
Microsoft Dynamics 365 (on-premises) version 9.1 | 5023001 (Security Update) | Important | Spoofing | None | Base: 5.4; Temporal: 4.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21571 batram


CVE-2023-21572 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21572
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS:

CVSS:3.1 6.5/5.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L). What does that mean for this vulnerability?

Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?

The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L). What does that mean for this vulnerability?

The attacker cannot fully deny service availability across all infrastructure, hence low effect on availability.


Mitigations: None
Workarounds: None
Revision:
1.0 | 2023-02-14T08:00:00 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21572
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Dynamics 365 (on-premises) version 9.0 | 5022994 (Security Update) | Important | Spoofing | None | Base: 6.5; Temporal: 5.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | Maybe
Microsoft Dynamics 365 (on-premises) version 9.1 | 5023001 (Security Update) | Important | Spoofing | None | Base: 6.5; Temporal: 5.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21572 batram


CVE-2023-21573 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21573
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS:

CVSS:3.1 5.4/4.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L). What does that mean for this vulnerability?

Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?

The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.


Mitigations: None
Workarounds: None
Revision:
1.0 | 2023-02-14T08:00:00 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21573
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Dynamics 365 (on-premises) version 9.0 | 5022994 (Security Update) | Important | Spoofing | None | Base: 5.4; Temporal: 4.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C | Maybe
Microsoft Dynamics 365 (on-premises) version 9.1 | 5023001 (Security Update) | Important | Spoofing | None | Base: 5.4; Temporal: 4.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21573 batram


CVE-2023-23374 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-23374
CVE Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.3/7.2
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to a browser sandbox escape.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.


Why is the severity for this CVE rated as Moderate, but the CVSS score is 8.3?

Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn't allow for this type of nuance.


How could an attacker exploit this vulnerability via the Network?

An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.


What is the version information for this release?

Microsoft Edge Version | Date Released | Based on Chromium Version
110.0.1587.41 | 2/9/2023 | 110.0.5481.78

Mitigations: None
Workarounds: None
Revision:
1.0 | 2023-02-09T08:00:00 | Information published.

Maximum Severity Rating: Moderate
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-23374
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge for Android | Release Notes (Security Update) | Moderate | Remote Code Execution | None | Base: 8.3; Temporal: 7.2; Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | No

Acknowledgements

CVE ID Acknowledgements
CVE-2023-23374 Anonymous


CVE-2023-23378 - Print 3D Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-23378
CVE Title: Print 3D Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.8/7.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Unavailable
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince the user to open said file.


Where do I find the update for Print 3D?

Microsoft is not planning on fixing this vulnerability in Print 3D as the app has been deprecated along with Windows 10 version 1903. The deprecation was announced here: https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features

Microsoft recommends upgrading to the 3D Builder app.


Mitigations: None
Workarounds: None
Revision:
1.0 | 2023-02-14T08:00:00 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-23378
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Print 3D | More Information (Security Update) | Important | Remote Code Execution | None | Base: 7.8; Temporal: 7.1; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-23378 Mat Powell of Trend Micro Zero Day Initiative


CVE-2023-23379 - Microsoft Defender for IoT Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-23379
CVE Title: Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 6.4/5.6
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain administrator privileges.


What is the action required to take the update?

You need to update to the latest Microsoft Defender for IoT software version. See the Update the software version section of Manage the on-premises management console.

What is Microsoft Defender for IoT?

Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See Microsoft Defender for IoT for more information.


Mitigations: None
Workarounds: None
Revision:
1.0 | 2023-02-14T08:00:00 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-23379
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Defender for IoT | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.4; Temporal: 5.6; Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-23379 Yiming Xiang with NSFOCUS TIANJI LAB


CVE-2023-23382 - Azure Machine Learning Compute Instance Information Disclosure Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-23382
CVE Title: Azure Machine Learning Compute Instance Information Disclosure Vulnerability
CVSS:

CVSS:3.1 6.5/5.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

How do I check my Azure Machine Learning Compute Instance runtime version?

To determine your runtime version, make a GET compute REST API call for your compute instance, then check the response. You can find the runtime version in the field versions.runtime.

Please view additional details here: https://learn.microsoft.com/en-us/rest/api/azureml/2022-10-01/compute/get?tabs=HTTP

How do I update my Azure Machine Learning Compute Instance runtime version?

Please reference the guidance provided here: https://learn.microsoft.com/en-us/rest/api/azureml/2022-10-01/compute/update?tabs=HTTP


What type of information could be disclosed by this vulnerability?

An attacker that successfully exploited this vulnerability could recover cleartext passwords from error logs.


Mitigations: None
Workarounds: None
Revision:
1.0 | 2023-02-14T08:00:00 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-23382
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Azure Machine Learning | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5; Temporal: 5.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2023-23382 Nitesh Surana (@_niteshsurana) of Project Nebula Trend Micro Zero Day Initiative


CVE-2023-21529 - Microsoft Exchange Server Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21529
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?

Yes, the attacker must be authenticated.


According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution?

The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.


Mitigations: None
Workarounds: None
Revision:
1.0 | 2023-02-14T08:00:00 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation More Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21529
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Exchange Server 2013 Cumulative Update 23 | 5023038 (Security Update) | Important | Remote Code Execution | 5019758 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Microsoft Exchange Server 2016 Cumulative Update 23 | 5023038 (Security Update) | Important | Remote Code Execution | 5019758 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Microsoft Exchange Server 2019 Cumulative Update 11 | 5023038 (Security Update) | Important | Remote Code Execution | 5019758 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Microsoft Exchange Server 2019 Cumulative Update 12 | 5023038 (Security Update) | Important | Remote Code Execution | 5019758 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21529 Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative


Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative


zcgonvh with 360 noah lab


CVE-2023-21553 - Azure DevOps Server Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21553
CVE Title: Azure DevOps Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.5/6.5
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

According to the CVSS metric, the attack vector is network (AV:N), user interaction is none (UI:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?

The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.

The privilege requirement is low because the attacker needs only Run access to the pipeline.

Azure DevOps Server is not bound to any network stack or protocol. Communication is on the TCP/IP level, which allows communication over the Internet.


According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?

Owning an affected domain is not enough to run the attack. For a successful attack, the appropriate variable must be used in the pipeline, and not every pipeline is vulnerable.


Mitigations: None
Workarounds: None
Revision:
1.0 | 2023-02-14T08:00:00 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21553
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Azure DevOps Server 2020.1.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5; Temporal: 6.5; Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21553 Legit Security (LinkedIn) with Legit Security


CVE-2023-21797 - Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21797
CVE Title: Microsoft ODBC Driver Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.


Mitigations: None
Workarounds: None
Revision:
1.0 | 2023-02-14T08:00:00 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21797
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows 10 for 32-bit Systems | 5022858 (Security Update) | Important | Remote Code Execution | 5022297 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 for x64-based Systems | 5022858 (Security Update) | Important | Remote Code Execution | 5022297 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 1607 for 32-bit Systems | 5022838 (Security Update) | Important | Remote Code Execution | 5022289 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 1607 for x64-based Systems | 5022838 (Security Update) | Important | Remote Code Execution | 5022289 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 1809 for 32-bit Systems | 5022840 (Security Update) | Important | Remote Code Execution | 5022286 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 1809 for ARM64-based Systems | 5022840 (Security Update) | Important | Remote Code Execution | 5022286 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 1809 for x64-based Systems | 5022840 (Security Update) | Important | Remote Code Execution | 5022286 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 20H2 for 32-bit Systems | 5022834 (Security Update) | Important | Remote Code Execution | 5022282 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 20H2 for ARM64-based Systems | 5022834 (Security Update) | Important | Remote Code Execution | 5022282 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 20H2 for x64-based Systems | 5022834 (Security Update) | Important | Remote Code Execution | 5022282 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 21H2 for 32-bit Systems | 5022834 (Security Update) | Important | Remote Code Execution | 5022282 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 21H2 for ARM64-based Systems | 5022834 (Security Update) | Important | Remote Code Execution | 5022282 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 21H2 for x64-based Systems | 5022834 (Security Update) | Important | Remote Code Execution | 5022282 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 22H2 for 32-bit Systems | 5022834 (Security Update) | Important | Remote Code Execution | 5022282 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 22H2 for ARM64-based Systems | 5022834 (Security Update) | Important | Remote Code Execution | 5022282 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 10 Version 22H2 for x64-based Systems | 5022834 (Security Update) | Important | Remote Code Execution | 5022282 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 11 version 21H2 for ARM64-based Systems | 5022836 (Security Update) | Important | Remote Code Execution | 5022287 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 11 version 21H2 for x64-based Systems | 5022836 (Security Update) | Important | Remote Code Execution | 5022287 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 11 Version 22H2 for ARM64-based Systems | 5022845 (Security Update) | Important | Remote Code Execution | 5022303 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows 11 Version 22H2 for x64-based Systems | 5022845 (Security Update) | Important | Remote Code Execution | 5022303 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5022890 (Monthly Rollup); 5022893 (Security Only) | Important | Remote Code Execution | 5022340 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5022890 (Monthly Rollup); 5022893 (Security Only) | Important | Remote Code Execution | 5022340 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 | 5022890 (Monthly Rollup); 5022893 (Security Only) | Important | Remote Code Execution | 5022340 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5022890 (Monthly Rollup); 5022893 (Security Only) | Important | Remote Code Execution | 5022340 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5022872 (Monthly Rollup); 5022874 (Security Only) | Important | Remote Code Execution | 5022338 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5022872 (Monthly Rollup); 5022874 (Security Only) | Important | Remote Code Execution | 5022338 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2012 | 5022903 (Monthly Rollup); 5022895 (Security Only) | Important | Remote Code Execution | 5022348 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2012 (Server Core installation) | 5022903 (Monthly Rollup); 5022895 (Security Only) | Important | Remote Code Execution | 5022348 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2012 R2 | 5022899 (Monthly Rollup); 5022894 (Security Only) | Important | Remote Code Execution | 5022352 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2012 R2 (Server Core installation) | 5022899 (Monthly Rollup); 5022894 (Security Only) | Important | Remote Code Execution | 5022352 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2016 | 5022838 (Security Update) | Important | Remote Code Execution | 5022289 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2016 (Server Core installation) | 5022838 (Security Update) | Important | Remote Code Execution | 5022289 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2019 | 5022840 (Security Update) | Important | Remote Code Execution | 5022286 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2019 (Server Core installation) | 5022840 (Security Update) | Important | Remote Code Execution | 5022286 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2022 | 5022842 (Security Update) | Important | Remote Code Execution | 5022291 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes
Windows Server 2022 (Server Core installation) | 5022842 (Security Update) | Important | Remote Code Execution | 5022291 | Base: 8.8; Temporal: 7.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21797 Anonymous


CVE-2023-21798 - Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21798
MITRE
NVD
CVE Title: Microsoft ODBC Driver Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.


Mitigations:
None
Workarounds:
None
Revision:
1.0 2023-02-14T08:00:00 Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21798
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5022858 (Security Update) Important Remote Code Execution 5022297 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5022858 (Security Update) Important Remote Code Execution 5022297 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5022838 (Security Update) Important Remote Code Execution 5022289 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5022838 (Security Update) Important Remote Code Execution 5022289 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5022834 (Security Update) Important Remote Code Execution 5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5022834 (Security Update) Important Remote Code Execution 5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5022834 (Security Update) Important Remote Code Execution 5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 22H2 for 32-bit Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 22H2 for ARM64-based Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 22H2 for x64-based Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 version 21H2 for ARM64-based Systems 5022836 (Security Update) Important Remote Code Execution 5022287 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 version 21H2 for x64-based Systems 5022836 (Security Update) Important Remote Code Execution 5022287 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 Version 22H2 for ARM64-based Systems 5022845 (Security Update) Important Remote Code Execution 5022303
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 Version 22H2 for x64-based Systems 5022845 (Security Update) Important Remote Code Execution 5022303
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5022890 (Monthly Rollup)
5022893 (Security Only)
Important Remote Code Execution 5022340
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5022890 (Monthly Rollup)
5022893 (Security Only)
Important Remote Code Execution 5022340
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5022890 (Monthly Rollup)
5022893 (Security Only)
Important Remote Code Execution 5022340
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5022890 (Monthly Rollup)
5022893 (Security Only)
Important Remote Code Execution 5022340
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5022872 (Monthly Rollup)
5022874 (Security Only)
Important Remote Code Execution 5022338
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5022872 (Monthly Rollup)
5022874 (Security Only)
Important Remote Code Execution 5022338
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5022903 (Monthly Rollup)
5022895 (Security Only)
Important Remote Code Execution 5022348
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5022903 (Monthly Rollup)
5022895 (Security Only)
Important Remote Code Execution 5022348
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5022899 (Monthly Rollup)
5022894 (Security Only)
Important Remote Code Execution 5022352
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5022899 (Monthly Rollup)
5022894 (Security Only)
Important Remote Code Execution 5022352
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5022838 (Security Update) Important Remote Code Execution 5022289 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5022838 (Security Update) Important Remote Code Execution 5022289 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5022842 (Security Update) Important Remote Code Execution 5022291
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5022842 (Security Update) Important Remote Code Execution 5022291
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21798 Anonymous


CVE-2023-21799 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21799
MITRE
NVD
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.


Mitigations:
None
Workarounds:
None
Revision:
1.0 2023-02-14T08:00:00 Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21799
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5022858 (Security Update) Important Remote Code Execution 5022297 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5022858 (Security Update) Important Remote Code Execution 5022297 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5022838 (Security Update) Important Remote Code Execution 5022289 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5022838 (Security Update) Important Remote Code Execution 5022289 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5022840 (Security Update) Important Remote Code Execution 5022286
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5022834 (Security Update) Important Remote Code Execution 5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5022834 (Security Update) Important Remote Code Execution 5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5022834 (Security Update) Important Remote Code Execution 5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 22H2 for 32-bit Systems 5022834 (Security Update) Important Remote Code Execution
5022282
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 22H2 for ARM64-based Systems 5022834 (Security Update) Important Remote Code Execution
5022282