This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | .NET Framework | CVE-2023-36049 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
Microsoft | ASP.NET | CVE-2023-36560 | ASP.NET Security Feature Bypass Vulnerability |
Microsoft | ASP.NET | CVE-2023-36038 | ASP.NET Core Denial of Service Vulnerability |
Microsoft | ASP.NET | CVE-2023-36558 | ASP.NET Core - Security Feature Bypass Vulnerability |
Microsoft | Azure | CVE-2023-36052 | Azure CLI REST Command Information Disclosure Vulnerability |
Microsoft | Azure | CVE-2023-38151 | Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability |
Microsoft | Azure | CVE-2023-36021 | Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability |
Microsoft | Azure DevOps | CVE-2023-36437 | Azure DevOps Server Remote Code Execution Vulnerability |
secalert@redhat.com | Mariner | CVE-2020-1747 | Unknown |
cve@mitre.org | Mariner | CVE-2023-46316 | Unknown |
cve@mitre.org | Mariner | CVE-2023-46753 | Unknown |
security@kubernetes.io | Mariner | CVE-2020-8554 | Unknown |
secalert@redhat.com | Mariner | CVE-2020-14343 | Unknown |
Mitre | Microsoft Bluetooth Driver | CVE-2023-24023 | Mitre: CVE-2023-24023 Bluetooth Vulnerability |
Microsoft | Microsoft Dynamics | CVE-2023-36016 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft | Microsoft Dynamics | CVE-2023-36007 | Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability |
Microsoft | Microsoft Dynamics | CVE-2023-36031 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft | Microsoft Dynamics | CVE-2023-36410 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft | Microsoft Dynamics 365 Sales | CVE-2023-36030 | Microsoft Dynamics 365 Sales Spoofing Vulnerability |
Microsoft | Microsoft Edge (Chromium-based) | CVE-2023-36014 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5996 | Chromium: CVE-2023-5996 Use after free in WebAudio |
Microsoft | Microsoft Edge (Chromium-based) | CVE-2023-36022 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
Microsoft | Microsoft Edge (Chromium-based) | CVE-2023-36027 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
Microsoft | Microsoft Edge (Chromium-based) | CVE-2023-36029 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5480 | Chromium: CVE-2023-5480 Inappropriate implementation in Payments |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5856 | Chromium: CVE-2023-5856 Use after free in Side Panel |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5855 | Chromium: CVE-2023-5855 Use after free in Reading Mode |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5854 | Chromium: CVE-2023-5854 Use after free in Profiles |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5859 | Chromium: CVE-2023-5859 Incorrect security UI in Picture In Picture |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5858 | Chromium: CVE-2023-5858 Inappropriate implementation in WebApp Provider |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5857 | Chromium: CVE-2023-5857 Inappropriate implementation in Downloads |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5850 | Chromium: CVE-2023-5850 Incorrect security UI in Downloads |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5849 | Chromium: CVE-2023-5849 Integer overflow in USB |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5482 | Chromium: CVE-2023-5482 Insufficient data validation in USB |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5853 | Chromium: CVE-2023-5853 Incorrect security UI in Downloads |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5852 | Chromium: CVE-2023-5852 Use after free in Printing |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-5851 | Chromium: CVE-2023-5851 Inappropriate implementation in Downloads |
Microsoft | Microsoft Edge (Chromium-based) | CVE-2023-36024 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
Microsoft | Microsoft Edge (Chromium-based) | CVE-2023-36034 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
Microsoft | Microsoft Exchange Server | CVE-2023-36439 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Exchange Server | CVE-2023-36050 | Microsoft Exchange Server Spoofing Vulnerability |
Microsoft | Microsoft Exchange Server | CVE-2023-36039 | Microsoft Exchange Server Spoofing Vulnerability |
Microsoft | Microsoft Exchange Server | CVE-2023-36035 | Microsoft Exchange Server Spoofing Vulnerability |
Microsoft | Microsoft Office | CVE-2023-36413 | Microsoft Office Security Feature Bypass Vulnerability |
Microsoft | Microsoft Office | CVE-2023-36045 | Microsoft Office Graphics Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2023-36041 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2023-36037 | Microsoft Excel Security Feature Bypass Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2023-38177 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Remote Registry Service | CVE-2023-36423 | Microsoft Remote Registry Service Remote Code Execution Vulnerability |
Microsoft | Microsoft Remote Registry Service | CVE-2023-36401 | Microsoft Remote Registry Service Remote Code Execution Vulnerability |
Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2023-36402 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Windows Search Component | CVE-2023-36394 | Windows Search Service Elevation of Privilege Vulnerability |
Microsoft | Microsoft Windows Speech | CVE-2023-36719 | Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability |
Microsoft | Open Management Infrastructure | CVE-2023-36043 | Open Management Infrastructure Information Disclosure Vulnerability |
Microsoft | Tablet Windows User Interface | CVE-2023-36393 | Windows User Interface Application Core Remote Code Execution Vulnerability |
Microsoft | Visual Studio | CVE-2023-36042 | Visual Studio Denial of Service Vulnerability |
Microsoft | Visual Studio Code | CVE-2023-36018 | Visual Studio Code Jupyter Extension Spoofing Vulnerability |
Microsoft | Windows Authentication Methods | CVE-2023-36047 | Windows Authentication Elevation of Privilege Vulnerability |
Microsoft | Windows Authentication Methods | CVE-2023-36428 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
Microsoft | Windows Authentication Methods | CVE-2023-36046 | Windows Authentication Denial of Service Vulnerability |
Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2023-36036 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2023-36424 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Compressed Folder | CVE-2023-36396 | Windows Compressed Folder Remote Code Execution Vulnerability |
Microsoft | Windows Defender | CVE-2023-36422 | Microsoft Windows Defender Elevation of Privilege Vulnerability |
Microsoft | Windows Deployment Services | CVE-2023-36395 | Windows Deployment Services Denial of Service Vulnerability |
Microsoft | Windows DHCP Server | CVE-2023-36392 | DHCP Server Service Denial of Service Vulnerability |
Microsoft | Windows Distributed File System (DFS) | CVE-2023-36425 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
Microsoft | Windows DWM Core Library | CVE-2023-36033 | Windows DWM Core Library Elevation of Privilege Vulnerability |
Microsoft | Windows HMAC Key Derivation | CVE-2023-36400 | Windows HMAC Key Derivation Elevation of Privilege Vulnerability |
Microsoft | Windows Hyper-V | CVE-2023-36427 | Windows Hyper-V Elevation of Privilege Vulnerability |
Microsoft | Windows Hyper-V | CVE-2023-36407 | Windows Hyper-V Elevation of Privilege Vulnerability |
Microsoft | Windows Hyper-V | CVE-2023-36406 | Windows Hyper-V Information Disclosure Vulnerability |
Microsoft | Windows Hyper-V | CVE-2023-36408 | Windows Hyper-V Elevation of Privilege Vulnerability |
Microsoft | Windows Installer | CVE-2023-36705 | Windows Installer Elevation of Privilege Vulnerability |
Microsoft | Windows Internet Connection Sharing (ICS) | CVE-2023-36397 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
Microsoft | Windows Kernel | CVE-2023-36405 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2023-36404 | Windows Kernel Information Disclosure Vulnerability |
Microsoft | Windows Kernel | CVE-2023-36403 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows NTFS | CVE-2023-36398 | Windows NTFS Information Disclosure Vulnerability |
Microsoft | Windows Protected EAP (PEAP) | CVE-2023-36028 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability |
Microsoft | Windows Scripting | CVE-2023-36017 | Windows Scripting Engine Memory Corruption Vulnerability |
Microsoft | Windows SmartScreen | CVE-2023-36025 | Windows SmartScreen Security Feature Bypass Vulnerability |
Microsoft | Windows Storage | CVE-2023-36399 | Windows Storage Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
CVE-2023-5996
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2023-5996 Use after free in WebAudio
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    09-Nov-23     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-5996 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
119.0.2151.58 | No | None |
Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
118.0.2088.102 | No | None |
CVE ID | Acknowledgements |
CVE-2023-5996 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-38151
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target machine if the victim connects to the attacker's malicious DB2 server and they execute a specially crafted query. Mitigations: The following mitigating factors may be helpful in your situation: The victim must have installed Microsoft OLE DB Provider for DB2 Server Version 7.0 for the target machine to be vulnerable. Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-38151 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Host Integration Server 2020 | 5032921 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
KB5032921 | Maybe | None |
Microsoft OLE DB Provider for DB2 V7 | 5032921 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
KB5032921 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-38151 | bee13oy with Cyber Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36719
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.4/TemporalScore:7.3
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36719 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5032199 (Security Update) | Important | Elevation of Privilege | 5031377 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 for x64-based Systems | 5032199 (Security Update) | Important | Elevation of Privilege | 5031377 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for ARM64-based Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for x64-based Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 21H2 for 32-bit Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for x64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for 32-bit Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for x64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 11 version 21H2 for ARM64-based Systems | 5032192 (Security Update) | Important | Elevation of Privilege | 5031358 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 version 21H2 for x64-based Systems | 5032192 (Security Update) | Important | Elevation of Privilege | 5031358 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 Version 22H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 22H2 for x64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for x64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Elevation of Privilege | 5031408 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Elevation of Privilege | 5031408 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2012 | 5032247 (Monthly Rollup) | Important | Elevation of Privilege | 5031442 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 (Server Core installation) | 5032247 (Monthly Rollup) | Important | Elevation of Privilege | 5031442 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 R2 | 5032249 (Monthly Rollup) | Important | Elevation of Privilege | 5031419 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5032249 (Monthly Rollup) | Important | Elevation of Privilege | 5031419 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2016 | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2016 (Server Core installation) | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2019 | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2019 (Server Core installation) | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2022 | 5032198 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022 (Server Core installation) | 5032198 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5032202 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.531 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-36719 | Marco Bartoli with Microsoft Giulio Candreva with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36705
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Installer Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36705 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5032199 (Security Update) | Important | Elevation of Privilege | 5031377 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 for x64-based Systems | 5032199 (Security Update) | Important | Elevation of Privilege | 5031377 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for ARM64-based Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for x64-based Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 21H2 for 32-bit Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for x64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for 32-bit Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for x64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 11 version 21H2 for ARM64-based Systems | 5032192 (Security Update) | Important | Elevation of Privilege | 5031358 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 version 21H2 for x64-based Systems | 5032192 (Security Update) | Important | Elevation of Privilege | 5031358 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 Version 22H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 22H2 for x64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for x64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Elevation of Privilege | 5031408 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Elevation of Privilege | 5031408 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2012 | 5032247 (Monthly Rollup) | Important | Elevation of Privilege | 5031442 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 (Server Core installation) | 5032247 (Monthly Rollup) | Important | Elevation of Privilege | 5031442 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 R2 | 5032249 (Monthly Rollup) | Important | Elevation of Privilege | 5031419 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5032249 (Monthly Rollup) | Important | Elevation of Privilege | 5031419 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2016 | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2016 (Server Core installation) | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2019 | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2019 (Server Core installation) | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2022 | 5032198 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022 (Server Core installation) | 5032198 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5032202 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.531 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-36705 | Abdelhamid Naceri |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36560
MITRE NVD Issuing CNA: Microsoft |
CVE Title: ASP.NET Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? The attacker would be able to bypass the security checks that prevents an attacker from accessing internal applications in a website. How could an attacker exploit this vulnerability? The attacker could send a specially crafted request that would enable them to access parts of a web application that they would not normally have access to. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36560 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5032344 (Monthly Rollup) 5032186 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.0.50727.8975 | Maybe | None | |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5032344 (Monthly Rollup) 5032186 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.0.50727.8975 | Maybe | None | |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5032344 (Monthly Rollup) 5032186 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.0.50727.8975 | Maybe | None | |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5032344 (Monthly Rollup) 5032186 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.0.50727.8975 | Maybe | None | |
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems | 5032197 (Security Update) | Important | Security Feature Bypass | 5031362 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems | 5032197 (Security Update) | Important | Security Feature Bypass | 5031362 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 | 5032197 (Security Update) | Important | Security Feature Bypass | 5031362 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) | 5032197 (Security Update) | Important | Security Feature Bypass | 5031362 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for 32-bit Systems | 5032199 (Security Update) | Important | Security Feature Bypass | 5031377 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for x64-based Systems | 5032199 (Security Update) | Important | Security Feature Bypass | 5031377 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 5032337 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems | 5032337 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 5032337 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 5032337 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 5032337 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 5032337 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 5032337 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems | 5032338 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems | 5032338 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems | 5032338 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems | 5032339 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems | 5032339 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems | 5032339 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems | 5032340 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems | 5032340 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 5032337 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 5032337 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 | 5032336 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) | 5032336 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems | 5032338 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems | 5032338 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems | 5032338 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems | 5032339 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems | 5032339 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems | 5032339 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems | 5032340 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems | 5032340 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems | 5032007 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems | 5032007 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems | 5032007 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems | 5032007 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 | 5032336 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) | 5032336 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) | 5032004 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.9206.01 | Maybe | None |
Microsoft .NET Framework 3.5 on Windows Server 2012 | 5032342 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.0.50727.8975 | Maybe | None |
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) | 5032342 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.0.50727.8975 | Maybe | None |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 | 5032343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.0.50727.8975 | Maybe | None |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) | 5032343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.0.50727.8975 | Maybe | None |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5032341 (Monthly Rollup) 5032185 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.0.50727.8975 | Maybe | None | |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5032341 (Monthly Rollup) 5032185 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.0.50727.8975 | Maybe | None | |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5032344 (Monthly Rollup) 5032186 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 4.7.4076.02 |
Maybe | None | |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5032344 (Monthly Rollup) 5032186 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 4.7.4076.02 |
Maybe | None | |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5032344 (Monthly Rollup) 5032186 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 4.7.4076.02 |
Maybe | None | |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5032344 (Monthly Rollup) 5032186 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 4.7.4076.02 |
Maybe | None | |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5032341 (Monthly Rollup) 5032185 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 4.7.4076.02 |
Maybe | None | |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5032341 (Monthly Rollup) 5032185 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 4.7.4076.02 |
Maybe | None | |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 5032342 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 5032342 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 5032343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 5032343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.7.4076.06 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 5031989 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 5031989 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5032341 (Monthly Rollup) 5032185 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None | |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5032341 (Monthly Rollup) 5032185 (Security Only) |
Important | Security Feature Bypass | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None | |
Microsoft .NET Framework 4.8 on Windows Server 2012 | 5032342 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.03 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 5032342 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.03 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 5032343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.03 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 5032343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.03 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2016 | 5031989 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 5031989 (Security Update) | Important | Security Feature Bypass | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
04.8.4682.02 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-36560 | Markus Wulftange with CODE WHITE GmbH Soroush Dalili with SecProject Markus Wulftange with CODE WHITE GmbH |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36437
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure DevOps Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit an integer overflow vulnerability that results in arbitrary heap writes, which could be used to perform arbitrary code execution. According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on ADO? Yes, the attacker needs to be authenticated to Azure DevOps server. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36437 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Pipelines Agent | Pull Request (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.39.1 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-36437 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36428
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36428 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5032199 (Security Update) | Important | Information Disclosure | 5031377 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 for x64-based Systems | 5032199 (Security Update) | Important | Information Disclosure | 5031377 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5032197 (Security Update) | Important | Information Disclosure | 5031362 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5032197 (Security Update) | Important | Information Disclosure | 5031362 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5032196 (Security Update) | Important | Information Disclosure | 5031361 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for ARM64-based Systems | 5032196 (Security Update) | Important | Information Disclosure | 5031361 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for x64-based Systems | 5032196 (Security Update) | Important | Information Disclosure | 5031361 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 21H2 for 32-bit Systems | 5032189 (Security Update) | Important | Information Disclosure | 5031356 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Information Disclosure | 5031356 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for x64-based Systems | 5032189 (Security Update) | Important | Information Disclosure | 5031356 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for 32-bit Systems | 5032189 (Security Update) | Important | Information Disclosure | 5031356 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Information Disclosure | 5031356 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for x64-based Systems | 5032189 (Security Update) | Important | Information Disclosure | 5031356 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 11 version 21H2 for ARM64-based Systems | 5032192 (Security Update) | Important | Information Disclosure | 5031358 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 version 21H2 for x64-based Systems | 5032192 (Security Update) | Important | Information Disclosure | 5031358 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 Version 22H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Information Disclosure | 5031354 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 22H2 for x64-based Systems | 5032190 (Security Update) | Important | Information Disclosure | 5031354 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Information Disclosure | 5031354 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for x64-based Systems | 5032190 (Security Update) | Important | Information Disclosure | 5031354 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Information Disclosure | 5031416 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Information Disclosure | 5031416 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Information Disclosure | 5031416 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Information Disclosure | 5031416 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Information Disclosure | 5031408 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Information Disclosure | 5031408 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2012 | 5032247 (Monthly Rollup) | Important | Information Disclosure | 5031442 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 (Server Core installation) | 5032247 (Monthly Rollup) | Important | Information Disclosure | 5031442 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 R2 | 5032249 (Monthly Rollup) | Important | Information Disclosure | 5031419 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5032249 (Monthly Rollup) | Important | Information Disclosure | 5031419 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2016 | 5032197 (Security Update) | Important | Information Disclosure | 5031362 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2016 (Server Core installation) | 5032197 (Security Update) | Important | Information Disclosure | 5031362 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2019 | 5032196 (Security Update) | Important | Information Disclosure | 5031361 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2019 (Server Core installation) | 5032196 (Security Update) | Important | Information Disclosure | 5031361 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2022 | 5032198 (Security Update) | Important | Information Disclosure | 5031364 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022 (Server Core installation) | 5032198 (Security Update) | Important | Information Disclosure | 5031364 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5032202 (Security Update) | Important | Information Disclosure | 5031364 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.531 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-36428 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36427
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Real-world exploitability of this attack is very low. Successful exploitation of this vulnerability requires an attacker to obtain 12th+ generation hardware to trigger the vulnerability. In addition, the attacker can only populate data at the beginning of a page, and its contents are mostly uncontrollable. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36427 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for x64-based Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 21H2 for x64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for x64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 11 version 21H2 for x64-based Systems | 5032192 (Security Update) | Important | Elevation of Privilege | 5031358 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 Version 22H2 for x64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for x64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows Server 2019 | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2019 (Server Core installation) | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2022 | 5032198 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022 (Server Core installation) | 5032198 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5032202 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.531 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-36427 | Satoshi Tanda with System Programming Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36425
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.0/TemporalScore:7.0
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities. According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have both domain user and delegate management permissions on a non-default DFS namespace. How could an attacker exploit this vulnerability? An attacker could exploit a DFS namespace (non-default) out-of-bound write vulnerability that results in heap corruption, which could then be used to perform arbitrary code execution on the server's dfssvc.exe process which runs as SYSTEM user. According to the CVSS metric, attack complexity is high (AC:H). What does that mean for this vulnerability? In a real-world attack scenario, a domain admin would have to configure their DFS namespace in such a way to add a low privileged domain user to the delegate management permission on a certain DFS namespace. In essence, a successful exploitation of this vulnerability would require a non-default and unlikely configuration. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36425 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5032199 (Security Update) | Important | Remote Code Execution | 5031377 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 for x64-based Systems | 5032199 (Security Update) | Important | Remote Code Execution | 5031377 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5032197 (Security Update) | Important | Remote Code Execution | 5031362 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5032197 (Security Update) | Important | Remote Code Execution | 5031362 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for ARM64-based Systems | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for x64-based Systems | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 21H2 for 32-bit Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for x64-based Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for 32-bit Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for x64-based Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 11 version 21H2 for ARM64-based Systems | 5032192 (Security Update) | Important | Remote Code Execution | 5031358 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 version 21H2 for x64-based Systems | 5032192 (Security Update) | Important | Remote Code Execution | 5031358 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 Version 22H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Remote Code Execution | 5031354 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 22H2 for x64-based Systems | 5032190 (Security Update) | Important | Remote Code Execution | 5031354 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Remote Code Execution | 5031354 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for x64-based Systems | 5032190 (Security Update) | Important | Remote Code Execution | 5031354 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Remote Code Execution | 5031416 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Remote Code Execution | 5031416 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Remote Code Execution | 5031416 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Remote Code Execution | 5031416 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Remote Code Execution | 5031408 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Remote Code Execution | 5031408 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2012 | 5032247 (Monthly Rollup) | Important | Remote Code Execution | 5031442 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 (Server Core installation) | 5032247 (Monthly Rollup) | Important | Remote Code Execution | 5031442 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 R2 | 5032249 (Monthly Rollup) | Important | Remote Code Execution | 5031419 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5032249 (Monthly Rollup) | Important | Remote Code Execution | 5031419 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2016 | 5032197 (Security Update) | Important | Remote Code Execution | 5031362 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2016 (Server Core installation) | 5032197 (Security Update) | Important | Remote Code Execution | 5031362 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2019 | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2019 (Server Core installation) | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2022 | 5032198 (Security Update) | Important | Remote Code Execution | 5031364 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022 (Server Core installation) | 5032198 (Security Update) | Important | Remote Code Execution | 5031364 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5032202 (Security Update) | Important | Remote Code Execution | 5031364 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.531 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-36425 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36424
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to a High Integrity Level. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36424 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5032199 (Security Update) | Important | Elevation of Privilege | 5031377 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 for x64-based Systems | 5032199 (Security Update) | Important | Elevation of Privilege | 5031377 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for ARM64-based Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for x64-based Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 21H2 for 32-bit Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for x64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for 32-bit Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for x64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 11 version 21H2 for ARM64-based Systems | 5032192 (Security Update) | Important | Elevation of Privilege | 5031358 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 version 21H2 for x64-based Systems | 5032192 (Security Update) | Important | Elevation of Privilege | 5031358 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 Version 22H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 22H2 for x64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for x64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Elevation of Privilege | 5031408 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Elevation of Privilege | 5031408 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2012 | 5032247 (Monthly Rollup) | Important | Elevation of Privilege | 5031442 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 (Server Core installation) | 5032247 (Monthly Rollup) | Important | Elevation of Privilege | 5031442 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 R2 | 5032249 (Monthly Rollup) | Important | Elevation of Privilege | 5031419 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5032249 (Monthly Rollup) | Important | Elevation of Privilege | 5031419 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2016 | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2016 (Server Core installation) | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2019 | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2019 (Server Core installation) | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2022 | 5032198 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022 (Server Core installation) | 5032198 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5032202 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.531 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-36424 | Anonymous with SSD Secure Disclosure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36423
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Remote Registry Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None FAQ: According to the CVSS metric, privileges required is low (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker must be an authenticated user on the network who is a member of the performance log users group. Although this group defaults to only Administrators, it is possible for an Administrator to add other standard users to this group. How could an attacker exploit this vulnerability? A remote, authenticated attacker who is on the domain and a member of the performance log users group could exploit an integer overflow vulnerability within regsvc to execute arbitrary code on the server. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36423 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5032199 (Security Update) | Important | Remote Code Execution | 5031377 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 for x64-based Systems | 5032199 (Security Update) | Important | Remote Code Execution | 5031377 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5032197 (Security Update) | Important | Remote Code Execution | 5031362 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5032197 (Security Update) | Important | Remote Code Execution | 5031362 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for ARM64-based Systems | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for x64-based Systems | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 21H2 for 32-bit Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for x64-based Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for 32-bit Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for x64-based Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 11 version 21H2 for ARM64-based Systems | 5032192 (Security Update) | Important | Remote Code Execution | 5031358 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 version 21H2 for x64-based Systems | 5032192 (Security Update) | Important | Remote Code Execution | 5031358 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 Version 22H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Remote Code Execution | 5031354 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 22H2 for x64-based Systems | 5032190 (Security Update) | Important | Remote Code Execution | 5031354 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Remote Code Execution | 5031354 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for x64-based Systems | 5032190 (Security Update) | Important | Remote Code Execution | 5031354 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Remote Code Execution | 5031416 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Remote Code Execution | 5031416 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Remote Code Execution | 5031416 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Remote Code Execution | 5031416 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Remote Code Execution | 5031408 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Remote Code Execution | 5031408 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2012 | 5032247 (Monthly Rollup) | Important | Remote Code Execution | 5031442 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 (Server Core installation) | 5032247 (Monthly Rollup) | Important | Remote Code Execution | 5031442 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 R2 | 5032249 (Monthly Rollup) | Important | Remote Code Execution | 5031419 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5032249 (Monthly Rollup) | Important | Remote Code Execution | 5031419 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2016 | 5032197 (Security Update) | Important | Remote Code Execution | 5031362 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2016 (Server Core installation) | 5032197 (Security Update) | Important | Remote Code Execution | 5031362 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2019 | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2019 (Server Core installation) | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2022 | 5032198 (Security Update) | Important | Remote Code Execution | 5031364 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022 (Server Core installation) | 5032198 (Security Update) | Important | Remote Code Execution | 5031364 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5032202 (Security Update) | Important | Remote Code Execution | 5031364 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.531 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-36423 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||
CVE-2023-36422
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Windows Defender Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
See Manage Updates Baselines Microsoft Defender Antivirus for more information. Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue? Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state. Why is no action required to install this update? In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Windows Defender Antimalware Platform. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Windows Defender Antimalware Platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating. Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Windows Defender Antimalware Platform updates and malware definitions, is working as expected in their environment. How often are the Windows Defender Antimalware Platform and malware definitions updated? Microsoft typically releases an update for the Windows Defender Antimalware Platform once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed. Depending on which Microsoft antimalware software is used and how it is configured, the software may search for platform, engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time. What is the Windows Defender Antimalware Platform? The Windows Defender Antimalware Platform is a collection of user-mode binaries (e.g. MsMpEng.exe) and kernel-mode drivers that run on top of Windows to keep devices protected against new and prevalent threats. Windows Defender uses the Windows Defender Antimalware Platform. On which products is Defender installed and active by default? Defender runs on all supported versions of Windows. Are there other products that use the Windows Defender Antimalware Platform? Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials. Does this update contain any additional security-related changes to functionality? Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features. Suggested ActionsVerify that the update is installed Customers should verify that the latest version of the Microsoft Malware Protection Platform and definition updates are being actively downloaded and installed for their Microsoft antimalware products.
Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36422 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Defender Antimalware Platform | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.18.23100.2009 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-36422 | Sascha Meyer with GAI NetConsult GmbH |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36413
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. What kind of security feature could be bypassed by successfully exploiting this vulnerability? Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36413 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2016 (32-bit edition) | 5002521 (Security Update) | Important | Security Feature Bypass | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
16.0.5422.1000 | Maybe | None |
Microsoft Office 2016 (64-bit edition) | 5002521 (Security Update) | Important | Security Feature Bypass | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
16.0.5422.1000 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2023-36413 | Eduardo Braun Prado Will Dormann with Vul Labs |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36410
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36410 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Dynamics 365 (on-premises) version 9.1 | 5032297 (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
9.1.23.10 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-36410 | batram |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36052
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure CLI REST Command Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.6/TemporalScore:7.5
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker that successfully exploited this vulnerability could recover plaintext passwords and usernames from log files created by the affected CLI commands and published by Azure DevOps and/or GitHub Actions. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities. How could an attacker exploit this vulnerability? An unauthenticated attacker can search and discover credentials contained in log files which have been stored in open-source repositories. Where can I find more information? Please see the MSRC Blog Post relating to this vulnerability here: Microsoft guidance regarding credentials leaked to Github Actions logs through Azure CLI. What actions do customers need to take to protect themselves from this vulnerability? Customers using the affected CLI commands must update their Azure CLI version to 2.53.1 or above to be protected against the risks of this vulnerability. This also applies to customers with log files created by using these commands through Azure DevOps and/or GitHub Actions. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Critical | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36052 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
az functionapp config appsettings delete | Release Notes (Security Update) | Critical | Information Disclosure | None | Base: 8.6 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
2.53.1 | Maybe | None |
az functionapp config appsettings set | Release Notes (Security Update) | Critical | Information Disclosure | None | Base: 8.6 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
2.53.1 | Maybe | None |
az logicapp config appsettings delete | Release Notes (Security Update) | Critical | Information Disclosure | None | Base: 8.6 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
2.53.1 | Maybe | None |
az logicapp config appsettings set | Release Notes (Security Update) | Critical | Information Disclosure | None | Base: 8.6 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
2.53.1 | Maybe | None |
az staticwebapp appsettings delete | Release Notes (Security Update) | Critical | Information Disclosure | None | Base: 8.6 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
2.53.1 | Maybe | None |
az staticwebapp appsettings set | Release Notes (Security Update) | Critical | Information Disclosure | None | Base: 8.6 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
2.53.1 | No | None |
az webapp config appsettings delete | Release Notes (Security Update) | Critical | Information Disclosure | None | Base: 8.6 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
2.53.1 | Maybe | None |
az webapp config appsettings set | Release Notes (Security Update) | Critical | Information Disclosure | None | Base: 8.6 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
2.53.1 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-36052 | Aviad Hahami with PANW |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36043
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Open Management Infrastructure Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.1
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An attacker who successfully exploits this vulnerability could affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component could be different from the impacted component and are managed by different security authorities. What type of information could be disclosed by this vulnerability? Successful exploitation of this vulnerability could allow an attacker to access credentials of privileged accounts stored in trace logs on the machine being monitored by SCOM. What versions of OMI are affected? OMI versions v1.7.1-0 and below are affected. How do the updates address the vulnerability? The update disables logging of the credentials in the trace file and deletes the existing trace files that may have credentials logged. Is there any action customers need to take? In addition to updating their affected versions of SCOM, customers are encouraged to reset their privileged account passwords. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker be an authenticated user with read access to the trace file on the machine being monitored with SCOM and OMI installed. What is OMI? Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. SCOM uses this framework to orchestrate configuration management and log collection on Linux VMs. More information can be found here: GitHub - Open Management Infrastructure. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36043 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
System Center Operations Manager (SCOM) 2016 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:T/RC:C |
1.7.3-0 | Maybe | None |
System Center Operations Manager (SCOM) 2019 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:T/RC:C |
1.7.3-0 | Maybe | None |
System Center Operations Manager (SCOM) 2022 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:T/RC:C |
1.7.3-0 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2023-36043 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36036
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.2
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2023-36036 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5032199 (Security Update) | Important | Elevation of Privilege | 5031377 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 for x64-based Systems | 5032199 (Security Update) | Important | Elevation of Privilege | 5031377 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for ARM64-based Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for x64-based Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 21H2 for 32-bit Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for x64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for 32-bit Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for x64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 11 version 21H2 for ARM64-based Systems | 5032192 (Security Update) | Important | Elevation of Privilege | 5031358 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 version 21H2 for x64-based Systems | 5032192 (Security Update) | Important | Elevation of Privilege | 5031358 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 Version 22H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 22H2 for x64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for x64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5032254 (Monthly Rollup) 5032248 (Security Only) |
Important | Elevation of Privilege | 5031416 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.0.6003.22367 |
Yes | 5032254 5032248 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Elevation of Privilege | 5031408 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5032252 (Monthly Rollup) 5032250 (Security Only) |
Important | Elevation of Privilege | 5031408 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.1.7601.26816 |
Yes | 5032252 5032250 |
Windows Server 2012 | 5032247 (Monthly Rollup) | Important | Elevation of Privilege | 5031442 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 (Server Core installation) | 5032247 (Monthly Rollup) | Important | Elevation of Privilege | 5031442 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
Windows Server 2012 R2 | 5032249 (Monthly Rollup) | Important | Elevation of Privilege | 5031419 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5032249 (Monthly Rollup) | Important | Elevation of Privilege | 5031419 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.3.9600.21668 | Yes | None |
Windows Server 2016 | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2016 (Server Core installation) | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2019 | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2019 (Server Core installation) | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2022 | 5032198 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022 (Server Core installation) | 5032198 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5032202 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.25398.531 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-36036 | Microsoft Threat Intelligence
Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||
CVE-2023-36034
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability? The performance can be interrupted and/or reduced, but the attacker cannot fully deny service. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability? The attacker who successfully exploited the vulnerability could have limited ability to perform code execution. What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    02-Nov-23     Information published. |
Moderate | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36034 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Moderate | Remote Code Execution | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
119.0.2151.44 | No | None |
Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Moderate | Remote Code Execution | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
118.0.2088.88 | No | None |
CVE ID | Acknowledgements |
CVE-2023-36034 | HAO LI of VenusTech ADLab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||
CVE-2023-36024
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a browser sandbox escape. According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability? While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack. Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal? Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded". The CVSS scoring system doesn't allow for this type of nuance. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could allow the attacker to perform remote code execution. What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    09-Nov-23     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36024 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C |
119.0.2151.58 | No | None |
Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C |
118.0.2088.102 | No | None |
CVE ID | Acknowledgements |
CVE-2023-36024 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-36017
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Scripting Engine Memory Corruption Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message. The CVE title says Windows Scripting Engine, what does that mean for this vulnerability? This vulnerability impacts the JScript9 scripting engine. Mitigations: None Workarounds: None Revision: 1.0    14-Nov-23     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-36017 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5032199 (Security Update) | Important | Remote Code Execution | 5031377 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 for x64-based Systems | 5032199 (Security Update) | Important | Remote Code Execution | 5031377 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5032197 (Security Update) | Important | Remote Code Execution | 5031362 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5032197 (Security Update) | Important | Remote Code Execution | 5031362 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for ARM64-based Systems | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 1809 for x64-based Systems | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows 10 Version 21H2 for 32-bit Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 21H2 for x64-based Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for 32-bit Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 10 Version 22H2 for x64-based Systems | 5032189 (Security Update) | Important | Remote Code Execution | 5031356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
Windows 11 version 21H2 for ARM64-based Systems | 5032192 (Security Update) | Important | Remote Code Execution | 5031358 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 version 21H2 for x64-based Systems | 5032192 (Security Update) | Important | Remote Code Execution | 5031358 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
Windows 11 Version 22H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Remote Code Execution | 5031354 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 22H2 for x64-based Systems | 5032190 (Security Update) | Important | Remote Code Execution | 5031354 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Remote Code Execution | 5031354 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows 11 Version 23H2 for x64-based Systems | 5032190 (Security Update) | Important | Remote Code Execution | 5031354 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5032252 (Monthly Rollup) 5032250 (Security Only) 5032191 (IE Cumulative) |
Important | Remote Code Execution | 5031408 5031355 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26816 1.001 |
Yes | 5032252 5032250 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5032252 (Monthly Rollup) 5032250 (Security Only) 5032191 (IE Cumulative) |
Important | Remote Code Execution | 5031408 5031355 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26816 1.001 |
Yes | 5032252 5032250 |
Windows Server 2012 | 5032191 (IE Cumulative) 5032247 (Monthly Rollup) |
Important | Remote Code Execution | 5031355 5031442 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.2.9200.24569 |
Yes | None |
Windows Server 2012 (Server Core installation) | 5032191 (IE Cumulative) 5032247 (Monthly Rollup) |
Important | Remote Code Execution | 5031355 5031442 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.2.9200.24569 |
Yes | None |
Windows Server 2012 R2 | 5032191 (IE Cumulative) 5032249 (Monthly Rollup) |
Important | Remote Code Execution | 5031355 5031419 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.3.9600.21668 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5032191 (IE Cumulative) 5032249 (Monthly Rollup) |
Important | Remote Code Execution | 5031355 5031419 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.3.9600.21668 |
Yes | None |
Windows Server 2016 | 5032197 (Security Update) | Important | Remote Code Execution | 5031362 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2016 (Server Core installation) | 5032197 (Security Update) | Important | Remote Code Execution | 5031362 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
Windows Server 2019 | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2019 (Server Core installation) | 5032196 (Security Update) | Important | Remote Code Execution | 5031361 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
Windows Server 2022 | 5032198 (Security Update) | Important | Remote Code Execution | 5031364 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022 (Server Core installation) | 5032198 (Security Update) | Important | Remote Code Execution | 5031364 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5032202 (Security Update) | Important | Remote Code Execution | 5031364 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.531 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-36017 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
CVE-2023-36007
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. According to the CVSS metric, successful exploitation of this vulnerability |