Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

CVE Issued by Tag CVE ID CVE Title
MicrosoftAzure Connected Machine Agent CVE-2023-35624 Azure Connected Machine Agent Elevation of Privilege Vulnerability
MicrosoftAzure Machine Learning CVE-2023-35625 Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
AMDChipsets CVE-2023-20588 AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice
MicrosoftMicrosoft Bluetooth Driver CVE-2023-35634 Windows Bluetooth Driver Remote Code Execution Vulnerability
MicrosoftMicrosoft Dynamics CVE-2023-35621 Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability
MicrosoftMicrosoft Dynamics CVE-2023-36020 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
MicrosoftMicrosoft Edge (Chromium-based) CVE-2023-35618 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
MicrosoftMicrosoft Edge (Chromium-based) CVE-2023-36880 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
MicrosoftMicrosoft Edge (Chromium-based) CVE-2023-38174 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
ChromeMicrosoft Edge (Chromium-based) CVE-2023-6509 Chromium: CVE-2023-6509 Use after free in Side Panel Search
ChromeMicrosoft Edge (Chromium-based) CVE-2023-6512 Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI
ChromeMicrosoft Edge (Chromium-based) CVE-2023-6508 Chromium: CVE-2023-6508 Use after free in Media Stream
ChromeMicrosoft Edge (Chromium-based) CVE-2023-6511 Chromium: CVE-2023-6511 Inappropriate implementation in Autofill
ChromeMicrosoft Edge (Chromium-based) CVE-2023-6510 Chromium: CVE-2023-6510 Use after free in Media Capture
MicrosoftMicrosoft Office Outlook CVE-2023-35636 Microsoft Outlook Information Disclosure Vulnerability
MicrosoftMicrosoft Office Outlook CVE-2023-35619 Microsoft Outlook for Mac Spoofing Vulnerability
MicrosoftMicrosoft Office Word CVE-2023-36009 Microsoft Word Information Disclosure Vulnerability
MicrosoftMicrosoft Power Platform Connector CVE-2023-36019 Microsoft Power Platform Connector Spoofing Vulnerability
MicrosoftMicrosoft WDAC OLE DB provider for SQL CVE-2023-36006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
MicrosoftMicrosoft Windows DNS CVE-2023-35622 Windows DNS Spoofing Vulnerability
MicrosoftWindows Cloud Files Mini Filter Driver CVE-2023-36696 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
MicrosoftWindows Defender CVE-2023-36010 Microsoft Defender Denial of Service Vulnerability
MicrosoftWindows DHCP Server CVE-2023-35643 DHCP Server Service Information Disclosure Vulnerability
MicrosoftWindows DHCP Server CVE-2023-35638 DHCP Server Service Denial of Service Vulnerability
MicrosoftWindows DHCP Server CVE-2023-36012 DHCP Server Service Information Disclosure Vulnerability
MicrosoftWindows DPAPI (Data Protection Application Programming Interface) CVE-2023-36004 Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
MicrosoftWindows Internet Connection Sharing (ICS) CVE-2023-35642 Internet Connection Sharing (ICS) Denial of Service Vulnerability
MicrosoftWindows Internet Connection Sharing (ICS) CVE-2023-35630 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
MicrosoftWindows Internet Connection Sharing (ICS) CVE-2023-35632 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MicrosoftWindows Internet Connection Sharing (ICS) CVE-2023-35641 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
MicrosoftWindows Kernel CVE-2023-35633 Windows Kernel Elevation of Privilege Vulnerability
MicrosoftWindows Kernel CVE-2023-35635 Windows Kernel Denial of Service Vulnerability
MicrosoftWindows Kernel-Mode Drivers CVE-2023-35644 Windows Sysmain Service Elevation of Privilege
MicrosoftWindows Local Security Authority Subsystem Service (LSASS) CVE-2023-36391 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
MicrosoftWindows Media CVE-2023-21740 Windows Media Remote Code Execution Vulnerability
MicrosoftWindows MSHTML Platform CVE-2023-35628 Windows MSHTML Platform Remote Code Execution Vulnerability
MicrosoftWindows ODBC Driver CVE-2023-35639 Microsoft ODBC Driver Remote Code Execution Vulnerability
MicrosoftWindows Telephony Server CVE-2023-36005 Windows Telephony Server Elevation of Privilege Vulnerability
MicrosoftWindows USB Mass Storage Class Driver CVE-2023-35629 Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability
MicrosoftWindows Win32K CVE-2023-36011 Win32k Elevation of Privilege Vulnerability
MicrosoftWindows Win32K CVE-2023-35631 Win32k Elevation of Privilege Vulnerability
MicrosoftXAML Diagnostics CVE-2023-36003 XAML Diagnostics Elevation of Privilege Vulnerability

CVE-2023-6508 - Chromium: CVE-2023-6508 Use after free in Media Stream

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6508
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2023-6508 Use after free in Media Stream
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
120.0.2210.61 12/7/2023 120.0.6099.62/.63

Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Dec-23    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6508
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
120.0.2210.61 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6508 None

CVE-2023-6509 - Chromium: CVE-2023-6509 Use after free in Side Panel Search

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6509
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2023-6509 Use after free in Side Panel Search
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
120.0.2210.61 12/7/2023 120.0.6099.62/.63

Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Dec-23    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6509
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
120.0.2210.61 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6509 None

CVE-2023-6510 - Chromium: CVE-2023-6510 Use after free in Media Capture

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6510
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2023-6510 Use after free in Media Capture
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
120.0.2210.61 12/7/2023 120.0.6099.62/.63

Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Dec-23    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6510
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
120.0.2210.61 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6510 None

CVE-2023-6511 - Chromium: CVE-2023-6511 Inappropriate implementation in Autofill

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6511
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2023-6511 Inappropriate implementation in Autofill
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
120.0.2210.61 12/7/2023 120.0.6099.62/.63

Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Dec-23    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6511
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
120.0.2210.61 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6511 None

CVE-2023-6512 - Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6512
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
120.0.2210.61 12/7/2023 120.0.6099.62/.63

Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Dec-23    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6512
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
120.0.2210.61 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6512 None

CVE-2023-36696 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36696
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36696
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1809 for 32-bit Systems 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for ARM64-based Systems 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for x64-based Systems 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 21H2 for 32-bit Systems 5033372 (Security Update) Important Elevation of Privilege 5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for ARM64-based Systems 5033372 (Security Update) Important Elevation of Privilege 5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for x64-based Systems 5033372 (Security Update) Important Elevation of Privilege 5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 22H2 for 32-bit Systems 5033372 (Security Update) Important Elevation of Privilege
5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for ARM64-based Systems 5033372 (Security Update) Important Elevation of Privilege
5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for x64-based Systems 5033372 (Security Update) Important Elevation of Privilege
5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 11 version 21H2 for ARM64-based Systems 5033369 (Security Update) Important Elevation of Privilege 5032192
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 version 21H2 for x64-based Systems 5033369 (Security Update) Important Elevation of Privilege 5032192
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 Version 22H2 for ARM64-based Systems 5033375 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2861
Yes 5033375
Windows 11 Version 22H2 for x64-based Systems 5033375 (Security Update) Important Elevation of Privilege
5032190
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22621.2861
Yes 5033375
Windows 11 Version 23H2 for ARM64-based Systems 5033375 (Security Update) Important Elevation of Privilege
5032190
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows 11 Version 23H2 for x64-based Systems 5033375 (Security Update) Important Elevation of Privilege
5032190
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows Server 2019 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2019 (Server Core installation) 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2022 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Elevation of Privilege 5032198
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022 (Server Core installation) 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Elevation of Privilege 5032198
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5033383 (Security Update) Important Elevation of Privilege 5032202 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.584 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36696 RanchoIce


CVE-2023-36391 - Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36391
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36391
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 11 Version 23H2 for ARM64-based Systems 5033375 (Security Update) Important Elevation of Privilege 5032190
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.2861
Yes 5033375
Windows 11 Version 23H2 for x64-based Systems 5033375 (Security Update) Important Elevation of Privilege 5032190
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.2861
Yes 5033375

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36391 Filip Dragović


CVE-2023-36020 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36020
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityLow
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?

The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36020
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Dynamics 365 (on-premises) version 9.0 5032298 (Security Update) Important Spoofing None Base: 7.6
Temporal: 6.6
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
9.0.51.06 Maybe None
Microsoft Dynamics 365 (on-premises) version 9.1 5032297 (Security Update) Important Spoofing None Base: 7.6
Temporal: 6.6
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
9.1.23.10 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36020 batram


CVE-2023-36009 - Microsoft Word Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36009
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Word Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

A user needs to be tricked into running malicious files.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36009
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office 2016 (32-bit edition) 5002520 (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
16.0.5426.1000 Maybe None
Microsoft Office 2016 (64-bit edition) 5002520 (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
16.0.5426.1000 Maybe None
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office LTSC for Mac 2021 Release Notes (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
16.80.23121017 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36009 ErPaciocco


CVE-2023-36011 - Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36011
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36011
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5033379 (Security Update) Important Elevation of Privilege 5032199 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 for x64-based Systems 5033379 (Security Update) Important Elevation of Privilege 5032199 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 Version 1607 for 32-bit Systems 5033373 (Security Update) Important Elevation of Privilege 5032197 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1607 for x64-based Systems 5033373 (Security Update) Important Elevation of Privilege 5032197 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1809 for 32-bit Systems 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for ARM64-based Systems 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for x64-based Systems 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 21H2 for 32-bit Systems 5033372 (Security Update) Important Elevation of Privilege 5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for ARM64-based Systems 5033372 (Security Update) Important Elevation of Privilege 5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for x64-based Systems 5033372 (Security Update) Important Elevation of Privilege 5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 22H2 for 32-bit Systems 5033372 (Security Update) Important Elevation of Privilege
5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for ARM64-based Systems 5033372 (Security Update) Important Elevation of Privilege
5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for x64-based Systems 5033372 (Security Update) Important Elevation of Privilege
5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 11 version 21H2 for ARM64-based Systems 5033369 (Security Update) Important Elevation of Privilege 5032192
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 version 21H2 for x64-based Systems 5033369 (Security Update) Important Elevation of Privilege 5032192
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 Version 22H2 for ARM64-based Systems 5033375 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2861
Yes 5033375
Windows 11 Version 22H2 for x64-based Systems 5033375 (Security Update) Important Elevation of Privilege
5032190
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22621.2861
Yes 5033375
Windows 11 Version 23H2 for ARM64-based Systems 5033375 (Security Update) Important Elevation of Privilege
5032190
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows 11 Version 23H2 for x64-based Systems 5033375 (Security Update) Important Elevation of Privilege
5032190
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows Server 2012 5033429 (Monthly Rollup) Important Elevation of Privilege 5032247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 (Server Core installation) 5033429 (Monthly Rollup) Important Elevation of Privilege 5032247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 R2 5033420 (Monthly Rollup) Important Elevation of Privilege 5032249 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2012 R2 (Server Core installation) 5033420 (Monthly Rollup) Important Elevation of Privilege 5032249 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2016 5033373 (Security Update) Important Elevation of Privilege 5032197 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2016 (Server Core installation) 5033373 (Security Update) Important Elevation of Privilege 5032197 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2019 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2019 (Server Core installation) 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2022 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Elevation of Privilege 5032198
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022 (Server Core installation) 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Elevation of Privilege 5032198
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5033383 (Security Update) Important Elevation of Privilege 5032202 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.584 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36011 guopengfei with QiAnXin Group


CVE-2023-35618 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-35618
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:9.6/TemporalScore:8.3
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to a browser sandbox escape.


Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?

Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded". The CVSS scoring system doesn't allow for this type of nuance.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.


What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could allow the attacker to gain the privileges needed to perform code execution.


Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Dec-23    

Information published.


Moderate Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-35618
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Moderate Elevation of Privilege None Base: 9.6
Temporal: 8.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
120.0.2210.61 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-35618 Anonymous


CVE-2023-20588 - AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-20588
MITRE
NVD

Issuing CNA: AMD

CVE Title: AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice
CVSS:
None
Executive Summary:
None
FAQ:

Why is this AMD CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.

Please see the following for more information:


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-20588
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5033379 (Security Update) Important Information Disclosure 5032199 Base: N/A
Temporal: N/A
Vector: N/A
10.0.10240.20345 Yes None
Windows 10 for x64-based Systems 5033379 (Security Update) Important Information Disclosure 5032199 Base: N/A
Temporal: N/A
Vector: N/A
10.0.10240.20345 Yes None
Windows 10 Version 1607 for 32-bit Systems 5033373 (Security Update) Important Information Disclosure 5032197 Base: N/A
Temporal: N/A
Vector: N/A
10.0.14393.6529 Yes None
Windows 10 Version 1607 for x64-based Systems 5033373 (Security Update) Important Information Disclosure 5032197 Base: N/A
Temporal: N/A
Vector: N/A
10.0.14393.6529 Yes None
Windows 10 Version 1809 for 32-bit Systems 5033371 (Security Update) Important Information Disclosure 5031361
Base: N/A
Temporal: N/A
Vector: N/A
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for ARM64-based Systems 5033371 (Security Update) Important Information Disclosure 5031361
Base: N/A
Temporal: N/A
Vector: N/A
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for x64-based Systems 5033371 (Security Update) Important Information Disclosure 5031361
Base: N/A
Temporal: N/A
Vector: N/A
10.0.17763.5206
Yes 5033371
Windows 10 Version 21H2 for 32-bit Systems 5033372 (Security Update) Important Information Disclosure 5032189
Base: N/A
Temporal: N/A
Vector: N/A
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for ARM64-based Systems 5033372 (Security Update) Important Information Disclosure 5032189
Base: N/A
Temporal: N/A
Vector: N/A
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for x64-based Systems 5033372 (Security Update) Important Information Disclosure 5032189
Base: N/A
Temporal: N/A
Vector: N/A
10.0.19041.3803
Yes 5033372
Windows 10 Version 22H2 for 32-bit Systems 5033372 (Security Update) Important Information Disclosure
5032189
Base: N/A
Temporal: N/A
Vector: N/A

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for ARM64-based Systems 5033372 (Security Update) Important Information Disclosure
5032189
Base: N/A
Temporal: N/A
Vector: N/A

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for x64-based Systems 5033372 (Security Update) Important Information Disclosure
5032189
Base: N/A
Temporal: N/A
Vector: N/A

10.0.19045.3803
Yes 5033372
Windows 11 version 21H2 for ARM64-based Systems 5033369 (Security Update) Important Information Disclosure 5032192
Base: N/A
Temporal: N/A
Vector: N/A
10.0.22000.2652
Yes 5033369
Windows 11 version 21H2 for x64-based Systems 5033369 (Security Update) Important Information Disclosure 5032192
Base: N/A
Temporal: N/A
Vector: N/A
10.0.22000.2652
Yes 5033369
Windows 11 Version 22H2 for ARM64-based Systems 5033375 (Security Update) Important Information Disclosure Base: N/A
Temporal: N/A
Vector: N/A
10.0.22621.2861
Yes 5033375
Windows 11 Version 22H2 for x64-based Systems 5033375 (Security Update) Important Information Disclosure
5032190
Base: N/A
Temporal: N/A
Vector: N/A

10.0.22621.2861
Yes 5033375
Windows 11 Version 23H2 for ARM64-based Systems 5033375 (Security Update) Important Information Disclosure
5032190
Base: N/A
Temporal: N/A
Vector: N/A

10.0.22631.2861
Yes 5033375
Windows 11 Version 23H2 for x64-based Systems 5033375 (Security Update) Important Information Disclosure
5032190
Base: N/A
Temporal: N/A
Vector: N/A

10.0.22631.2861
Yes 5033375
Windows Server 2008 for 32-bit Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Information Disclosure 5032254
Base: N/A
Temporal: N/A
Vector: N/A
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Information Disclosure 5032254
Base: N/A
Temporal: N/A
Vector: N/A
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Information Disclosure 5032254
Base: N/A
Temporal: N/A
Vector: N/A
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Information Disclosure 5032254
Base: N/A
Temporal: N/A
Vector: N/A
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Information Disclosure 5032252
Base: N/A
Temporal: N/A
Vector: N/A
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Information Disclosure 5032252
Base: N/A
Temporal: N/A
Vector: N/A
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2012 5033429 (Monthly Rollup) Important Information Disclosure 5032247 Base: N/A
Temporal: N/A
Vector: N/A
6.2.9200.24614 Yes None
Windows Server 2012 (Server Core installation) 5033429 (Monthly Rollup) Important Information Disclosure 5032247 Base: N/A
Temporal: N/A
Vector: N/A
6.2.9200.24614 Yes None
Windows Server 2012 R2 5033420 (Monthly Rollup) Important Information Disclosure 5032249 Base: N/A
Temporal: N/A
Vector: N/A
6.3.9600.21715 Yes None
Windows Server 2012 R2 (Server Core installation) 5033420 (Monthly Rollup) Important Information Disclosure 5032249 Base: N/A
Temporal: N/A
Vector: N/A
6.3.9600.21715 Yes None
Windows Server 2016 5033373 (Security Update) Important Information Disclosure 5032197 Base: N/A
Temporal: N/A
Vector: N/A
10.0.14393.6529 Yes None
Windows Server 2016 (Server Core installation) 5033373 (Security Update) Important Information Disclosure 5032197 Base: N/A
Temporal: N/A
Vector: N/A
10.0.14393.6529 Yes None
Windows Server 2019 5033371 (Security Update) Important Information Disclosure 5031361
Base: N/A
Temporal: N/A
Vector: N/A
10.0.17763.5206
Yes 5033371
Windows Server 2019 (Server Core installation) 5033371 (Security Update) Important Information Disclosure 5031361
Base: N/A
Temporal: N/A
Vector: N/A
10.0.17763.5206
Yes 5033371
Windows Server 2022 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Information Disclosure 5032198
Base: N/A
Temporal: N/A
Vector: N/A
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022 (Server Core installation) 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Information Disclosure 5032198
Base: N/A
Temporal: N/A
Vector: N/A
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5033383 (Security Update) Important Information Disclosure 5032202 Base: N/A
Temporal: N/A
Vector: N/A
10.0.25398.584 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-20588 None

CVE-2023-35625 - Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-35625
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.1
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?

The vulnerability enables data leakage only when a user's script is improperly used and triggers specific errors. The conditions required for triggering the error are not easily met making the complexity high.


What type of information could be disclosed by this vulnerability?

The Azure Machine Learning (ML) training data associated with user accounts will be disclosed. This data primarily consists of information used for ML model training purposes within the Azure ML system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-35625
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Machine Learning SDK Release Notes (Security Update) Important Information Disclosure None Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
1.5.0 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-35625 Fei Deng


CVE-2023-21740 - Windows Media Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-21740
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Media Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of the vulnerability requires that a user open a specially crafted file.

  • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-21740
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5033379 (Security Update) Important Remote Code Execution 5032199 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 for x64-based Systems 5033379 (Security Update) Important Remote Code Execution 5032199 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 Version 1607 for 32-bit Systems 5033373 (Security Update) Important Remote Code Execution 5032197 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1607 for x64-based Systems 5033373 (Security Update) Important Remote Code Execution 5032197 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1809 for 32-bit Systems 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for ARM64-based Systems 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for x64-based Systems 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 21H2 for 32-bit Systems 5033372 (Security Update) Important Remote Code Execution 5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for ARM64-based Systems 5033372 (Security Update) Important Remote Code Execution 5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for x64-based Systems 5033372 (Security Update) Important Remote Code Execution 5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 22H2 for 32-bit Systems 5033372 (Security Update) Important Remote Code Execution
5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for ARM64-based Systems 5033372 (Security Update) Important Remote Code Execution
5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for x64-based Systems 5033372 (Security Update) Important Remote Code Execution
5032189
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 11 version 21H2 for ARM64-based Systems 5033369 (Security Update) Important Remote Code Execution 5032192
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 version 21H2 for x64-based Systems 5033369 (Security Update) Important Remote Code Execution 5032192
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 Version 22H2 for ARM64-based Systems 5033375 (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2861
Yes 5033375
Windows 11 Version 22H2 for x64-based Systems 5033375 (Security Update) Important Remote Code Execution
5032190
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22621.2861
Yes 5033375
Windows 11 Version 23H2 for ARM64-based Systems 5033375 (Security Update) Important Remote Code Execution
5032190
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows 11 Version 23H2 for x64-based Systems 5033375 (Security Update) Important Remote Code Execution
5032190
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Remote Code Execution 5032252
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Remote Code Execution 5032252
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2012 5033429 (Monthly Rollup) Important Remote Code Execution 5032247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 (Server Core installation) 5033429 (Monthly Rollup) Important Remote Code Execution 5032247 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 R2 5033420 (Monthly Rollup) Important Remote Code Execution 5032249 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2012 R2 (Server Core installation) 5033420 (Monthly Rollup) Important Remote Code Execution 5032249 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2016 5033373 (Security Update) Important Remote Code Execution 5032197 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2016 (Server Core installation) 5033373 (Security Update) Important Remote Code Execution 5032197 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2019 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2019 (Server Core installation) 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2022 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Remote Code Execution 5032198
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022 (Server Core installation) 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Remote Code Execution 5032198
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5033383 (Security Update) Important Remote Code Execution 5032202 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.584 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-21740 Nguyễn Hồng Quang (@quangnh89) with Viettel Cyber Security


Lê Trần Hải Tùng (@tacbliw) with Viettel Cyber Security


CVE-2023-38174 - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38174
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityLow
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?

Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained.


Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Dec-23    

Information published.


Low Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38174
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Low Information Disclosure None Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
120.0.2210.61 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38174 Josef Haji Karimian


CVE-2023-36019 - Microsoft Power Platform Connector Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36019
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Power Platform Connector Spoofing Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:9.6/TemporalScore:8.3
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.


How do I know if my connector does not have a per-connector redirect URI?

Microsoft notified affected customers about this change in behavior via Microsoft 365 Admin Center (MC690931) or Service Health in the Azure Portal (3_SH-LTG) starting on November 17th, 2023. You will need to validate your custom connectors and follow the guidance to make the switch to the per-connector URI.


How do I know if a notification was sent to my organization?

Notifications were sent to customers via the Microsoft 365 Admin Center using a Data Privacy tag. This means that only users with a global administrator role or a Message center privacy reader role can view the notification. These roles are appointed by your organization. You can learn more about these roles and how to assign them at https://azure.microsoft.com/en-us/blog/understanding-service-health-communications-for-azure-vulnerabilities/. If you are a Logic Apps customer, a notification was sent via Service Health in the Azure Portal under tracking ID 3_SH-LTG.


What is the nature of the spoofing?

An attacker could manipulate a malicious link, application, or file to disguise it as a legitimate link or file to trick the victim.


Mitigations:

The following mitigation has been applied to address this vulnerability:

As of November 17, 2023, newly created custom connectors that use OAuth 2.0 to authenticate will automatically have a per connector redirect URI. Existing OAuth 2.0 connectors must be updated to use a per-connector redirect URI before February 17th, 2024. For more information see https://learn.microsoft.com/en-us/connectors/custom-connectors/#21-oauth-20.


Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Critical Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36019
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Logic Apps Release Notes (Security Update) Critical Spoofing None Base: 9.6
Temporal: 8.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
3.23113 Maybe None
Microsoft Power Platform Release Notes (Security Update) Critical Spoofing None Base: 9.6
Temporal: 8.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
3.23113 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36019 Kaixuan Luo with Summer Intern @ Samsung Research America, PhD Student @ The Chinese University of Hong Kong


Adonis Fung with Samsung Research America


Xianbo Wang (@sanebow) with The Chinese University of Hong Kong


Wing Cheong Lau with The Chinese University of Hong Kong


CVE-2023-36010 - Microsoft Defender Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36010
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Defender Denial of Service Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36010
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Malware Protection Platform Release Notes (Security Update) Important Denial of Service None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
4.18.23110.3 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36010 Tomer Bar with SafeBreach


CVE-2023-36012 - DHCP Server Service Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36012
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: DHCP Server Service Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:4.6
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityLow
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.


According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36012
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Information Disclosure 5032254
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Information Disclosure 5032254
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Information Disclosure 5032254
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Information Disclosure 5032254
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Information Disclosure 5032252
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Information Disclosure 5032252
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2012 5033429 (Monthly Rollup) Important Information Disclosure 5032247 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 (Server Core installation) 5033429 (Monthly Rollup) Important Information Disclosure 5032247 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 R2 5033420 (Monthly Rollup) Important Information Disclosure 5032249 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2012 R2 (Server Core installation) 5033420 (Monthly Rollup) Important Information Disclosure 5032249 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2016 5033373 (Security Update) Important Information Disclosure 5032197 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2016 (Server Core installation) 5033373 (Security Update) Important Information Disclosure 5032197 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2019 5033371 (Security Update) Important Information Disclosure 5031361
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2019 (Server Core installation) 5033371 (Security Update) Important Information Disclosure 5031361
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2022 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Information Disclosure 5032198
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022 (Server Core installation) 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Information Disclosure 5032198
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5033383 (Security Update) Important Information Disclosure 5032202 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.25398.584 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36012 Anonymous


CVE-2023-36003 - XAML Diagnostics Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36003
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: XAML Diagnostics Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

An authorized attacker with regular user privileges may be able to inject a malicious file and then convince a user to execute a UWP application.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36003
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5033379 (Security Update) Important Elevation of Privilege 5032199 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 for x64-based Systems 5033379 (Security Update) Important Elevation of Privilege 5032199 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 Version 1607 for 32-bit Systems 5033373 (Security Update) Important Elevation of Privilege 5032197 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1607 for x64-based Systems 5033373 (Security Update) Important Elevation of Privilege 5032197 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1809 for 32-bit Systems 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for ARM64-based Systems 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for x64-based Systems 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 21H2 for 32-bit Systems 5033372 (Security Update) Important Elevation of Privilege 5032189
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for ARM64-based Systems 5033372 (Security Update) Important Elevation of Privilege 5032189
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for x64-based Systems 5033372 (Security Update) Important Elevation of Privilege 5032189
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 22H2 for 32-bit Systems 5033372 (Security Update) Important Elevation of Privilege
5032189
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for ARM64-based Systems 5033372 (Security Update) Important Elevation of Privilege
5032189
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for x64-based Systems 5033372 (Security Update) Important Elevation of Privilege
5032189
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 11 version 21H2 for ARM64-based Systems 5033369 (Security Update) Important Elevation of Privilege 5032192
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 version 21H2 for x64-based Systems 5033369 (Security Update) Important Elevation of Privilege 5032192
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 Version 22H2 for ARM64-based Systems 5033375 (Security Update) Important Elevation of Privilege Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2861
Yes 5033375
Windows 11 Version 22H2 for x64-based Systems 5033375 (Security Update) Important Elevation of Privilege
5032190
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22621.2861
Yes 5033375
Windows 11 Version 23H2 for ARM64-based Systems 5033375 (Security Update) Important Elevation of Privilege
5032190
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows 11 Version 23H2 for x64-based Systems 5033375 (Security Update) Important Elevation of Privilege
5032190
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows Server 2016 5033373 (Security Update) Important Elevation of Privilege 5032197 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2016 (Server Core installation) 5033373 (Security Update) Important Elevation of Privilege 5032197 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2019 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2019 (Server Core installation) 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2022 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Elevation of Privilege 5032198
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022 (Server Core installation) 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Elevation of Privilege 5032198
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5033383 (Security Update) Important Elevation of Privilege 5032202 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.584 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36003 Michael Maltsev with Island




CVE-2023-36004 - Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36004
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What is the attack vector for this vulnerability?

To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a man-in-the-middle (MITM) attack.


According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?

An unauthorized attacker must wait for a user to initiate a connection.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36004
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5033379 (Security Update) Important Spoofing 5032199 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 for x64-based Systems 5033379 (Security Update) Important Spoofing 5032199 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 Version 1607 for 32-bit Systems 5033373 (Security Update) Important Spoofing 5032197 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1607 for x64-based Systems 5033373 (Security Update) Important Spoofing 5032197 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1809 for 32-bit Systems 5033371 (Security Update) Important Spoofing 5031361
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for ARM64-based Systems 5033371 (Security Update) Important Spoofing 5031361
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for x64-based Systems 5033371 (Security Update) Important Spoofing 5031361
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 21H2 for 32-bit Systems 5033372 (Security Update) Important Spoofing 5032189
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for ARM64-based Systems 5033372 (Security Update) Important Spoofing 5032189
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for x64-based Systems 5033372 (Security Update) Important Spoofing 5032189
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 22H2 for 32-bit Systems 5033372 (Security Update) Important Spoofing
5032189
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for ARM64-based Systems 5033372 (Security Update) Important Spoofing
5032189
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for x64-based Systems 5033372 (Security Update) Important Spoofing
5032189
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 11 version 21H2 for ARM64-based Systems 5033369 (Security Update) Important Spoofing 5032192
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 version 21H2 for x64-based Systems 5033369 (Security Update) Important Spoofing 5032192
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 Version 22H2 for ARM64-based Systems 5033375 (Security Update) Important Spoofing Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2861
Yes 5033375
Windows 11 Version 22H2 for x64-based Systems 5033375 (Security Update) Important Spoofing
5032190
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22621.2861
Yes 5033375
Windows 11 Version 23H2 for ARM64-based Systems 5033375 (Security Update) Important Spoofing
5032190
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows 11 Version 23H2 for x64-based Systems 5033375 (Security Update) Important Spoofing
5032190
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows Server 2008 for 32-bit Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Spoofing 5032254
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Spoofing 5032254
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Spoofing 5032254
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Spoofing 5032254
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Spoofing 5032252
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Spoofing 5032252
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2012 5033429 (Monthly Rollup) Important Spoofing 5032247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 (Server Core installation) 5033429 (Monthly Rollup) Important Spoofing 5032247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 R2 5033420 (Monthly Rollup) Important Spoofing 5032249 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2012 R2 (Server Core installation) 5033420 (Monthly Rollup) Important Spoofing 5032249 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2016 5033373 (Security Update) Important Spoofing 5032197 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2016 (Server Core installation) 5033373 (Security Update) Important Spoofing 5032197 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2019 5033371 (Security Update) Important Spoofing 5031361
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2019 (Server Core installation) 5033371 (Security Update) Important Spoofing 5031361
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2022 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Spoofing 5032198
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022 (Server Core installation) 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Spoofing 5032198
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5033383 (Security Update) Important Spoofing 5032202 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.584 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36004 Jeremy Asbury with Mandiant


Andrew Oliveau with Mandiant


CVE-2023-36005 - Windows Telephony Server Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36005
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Telephony Server Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could execute code in the security context of the “NT AUTHORITY\Network Service” account.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36005
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5033379 (Security Update) Important Elevation of Privilege 5032199 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 for x64-based Systems 5033379 (Security Update) Important Elevation of Privilege 5032199 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 Version 1607 for 32-bit Systems 5033373 (Security Update) Important Elevation of Privilege 5032197 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1607 for x64-based Systems 5033373 (Security Update) Important Elevation of Privilege 5032197 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1809 for 32-bit Systems 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for ARM64-based Systems 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for x64-based Systems 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 21H2 for 32-bit Systems 5033372 (Security Update) Important Elevation of Privilege 5032189
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for ARM64-based Systems 5033372 (Security Update) Important Elevation of Privilege 5032189
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for x64-based Systems 5033372 (Security Update) Important Elevation of Privilege 5032189
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 22H2 for 32-bit Systems 5033372 (Security Update) Important Elevation of Privilege
5032189
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for ARM64-based Systems 5033372 (Security Update) Important Elevation of Privilege
5032189
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for x64-based Systems 5033372 (Security Update) Important Elevation of Privilege
5032189
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 11 version 21H2 for ARM64-based Systems 5033369 (Security Update) Important Elevation of Privilege 5032192
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 version 21H2 for x64-based Systems 5033369 (Security Update) Important Elevation of Privilege 5032192
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 Version 22H2 for ARM64-based Systems 5033375 (Security Update) Important Elevation of Privilege Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2861
Yes 5033375
Windows 11 Version 22H2 for x64-based Systems 5033375 (Security Update) Important Elevation of Privilege
5032190
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22621.2861
Yes 5033375
Windows 11 Version 23H2 for ARM64-based Systems 5033375 (Security Update) Important Elevation of Privilege
5032190
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows 11 Version 23H2 for x64-based Systems 5033375 (Security Update) Important Elevation of Privilege
5032190
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows Server 2008 for 32-bit Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Elevation of Privilege 5032254
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Elevation of Privilege 5032254
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Elevation of Privilege 5032254
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Elevation of Privilege 5032254
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Elevation of Privilege 5032252
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Elevation of Privilege 5032252
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2012 5033429 (Monthly Rollup) Important Elevation of Privilege 5032247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 (Server Core installation) 5033429 (Monthly Rollup) Important Elevation of Privilege 5032247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 R2 5033420 (Monthly Rollup) Important Elevation of Privilege 5032249 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2012 R2 (Server Core installation) 5033420 (Monthly Rollup) Important Elevation of Privilege 5032249 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2016 5033373 (Security Update) Important Elevation of Privilege 5032197 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2016 (Server Core installation) 5033373 (Security Update) Important Elevation of Privilege 5032197 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2019 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2019 (Server Core installation) 5033371 (Security Update) Important Elevation of Privilege 5031361
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2022 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Elevation of Privilege 5032198
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022 (Server Core installation) 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Elevation of Privilege 5032198
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5033383 (Security Update) Important Elevation of Privilege 5032202 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.584 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36005 k0shl with Kunlun Lab


CVE-2023-36006 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36006
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.


According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?

An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36006
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5033379 (Security Update) Important Remote Code Execution 5032199 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 for x64-based Systems 5033379 (Security Update) Important Remote Code Execution 5032199 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 Version 1607 for 32-bit Systems 5033373 (Security Update) Important Remote Code Execution 5032197 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1607 for x64-based Systems 5033373 (Security Update) Important Remote Code Execution 5032197 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1809 for 32-bit Systems 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for ARM64-based Systems 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for x64-based Systems 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 21H2 for 32-bit Systems 5033372 (Security Update) Important Remote Code Execution 5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for ARM64-based Systems 5033372 (Security Update) Important Remote Code Execution 5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for x64-based Systems 5033372 (Security Update) Important Remote Code Execution 5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 22H2 for 32-bit Systems 5033372 (Security Update) Important Remote Code Execution
5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for ARM64-based Systems 5033372 (Security Update) Important Remote Code Execution
5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for x64-based Systems 5033372 (Security Update) Important Remote Code Execution
5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 11 version 21H2 for ARM64-based Systems 5033369 (Security Update) Important Remote Code Execution 5032192
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 version 21H2 for x64-based Systems 5033369 (Security Update) Important Remote Code Execution 5032192
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 Version 22H2 for ARM64-based Systems 5033375 (Security Update) Important Remote Code Execution Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2861
Yes 5033375
Windows 11 Version 22H2 for x64-based Systems 5033375 (Security Update) Important Remote Code Execution
5032190
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22621.2861
Yes 5033375
Windows 11 Version 23H2 for ARM64-based Systems 5033375 (Security Update) Important Remote Code Execution
5032190
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows 11 Version 23H2 for x64-based Systems 5033375 (Security Update) Important Remote Code Execution
5032190
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows Server 2008 for 32-bit Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Remote Code Execution 5032254
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Remote Code Execution 5032254
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Remote Code Execution 5032254
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Remote Code Execution 5032254
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Remote Code Execution 5032252
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Remote Code Execution 5032252
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2012 5033429 (Monthly Rollup) Important Remote Code Execution 5032247 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 (Server Core installation) 5033429 (Monthly Rollup) Important Remote Code Execution 5032247 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 R2 5033420 (Monthly Rollup) Important Remote Code Execution 5032249 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2012 R2 (Server Core installation) 5033420 (Monthly Rollup) Important Remote Code Execution 5032249 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2016 5033373 (Security Update) Important Remote Code Execution 5032197 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2016 (Server Core installation) 5033373 (Security Update) Important Remote Code Execution 5032197 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2019 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2019 (Server Core installation) 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2022 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Remote Code Execution 5032198
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022 (Server Core installation) 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Remote Code Execution 5032198
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5033383 (Security Update) Important Remote Code Execution 5032202 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.584 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36006 Yuki Chen with Cyber KunLun


Yuki Chen with Cyber KunLun


Yuki Chen with Cyber KunLun


Yuki Chen with Cyber KunLun


Anonymous


Yuki Chen with Cyber KunLun


Yuki Chen with Cyber KunLun


Yuki Chen with Cyber KunLun


Yuki Chen with Cyber KunLun


Yuki Chen with Cyber KunLun


Sam Pope with MSRC Vulnerabilities & Mitigations


CVE-2023-35638 - DHCP Server Service Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-35638
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: DHCP Server Service Denial of Service Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-35638
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2012 5033429 (Monthly Rollup) Important Denial of Service 5032247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 (Server Core installation) 5033429 (Monthly Rollup) Important Denial of Service 5032247 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 R2 5033420 (Monthly Rollup) Important Denial of Service 5032249 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2012 R2 (Server Core installation) 5033420 (Monthly Rollup) Important Denial of Service 5032249 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2016 5033373 (Security Update) Important Denial of Service 5032197 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2016 (Server Core installation) 5033373 (Security Update) Important Denial of Service 5032197 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2019 5033371 (Security Update) Important Denial of Service 5031361
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2019 (Server Core installation) 5033371 (Security Update) Important Denial of Service 5031361
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2022 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Denial of Service 5032198
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022 (Server Core installation) 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Denial of Service 5032198
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5033383 (Security Update) Important Denial of Service 5032202 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.25398.584 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-35638 YanZiShuang@BigCJTeam of cyberkl


CVE-2023-35639 - Microsoft ODBC Driver Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-35639
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft ODBC Driver Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.


According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?

An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-35639
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5033379 (Security Update) Important Remote Code Execution 5032199 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 for x64-based Systems 5033379 (Security Update) Important Remote Code Execution 5032199 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 Version 1607 for 32-bit Systems 5033373 (Security Update) Important Remote Code Execution 5032197 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1607 for x64-based Systems 5033373 (Security Update) Important Remote Code Execution 5032197 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1809 for 32-bit Systems 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for ARM64-based Systems 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for x64-based Systems 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 21H2 for 32-bit Systems 5033372 (Security Update) Important Remote Code Execution 5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for ARM64-based Systems 5033372 (Security Update) Important Remote Code Execution 5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for x64-based Systems 5033372 (Security Update) Important Remote Code Execution 5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 22H2 for 32-bit Systems 5033372 (Security Update) Important Remote Code Execution
5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for ARM64-based Systems 5033372 (Security Update) Important Remote Code Execution
5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for x64-based Systems 5033372 (Security Update) Important Remote Code Execution
5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 11 version 21H2 for ARM64-based Systems 5033369 (Security Update) Important Remote Code Execution 5032192
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 version 21H2 for x64-based Systems 5033369 (Security Update) Important Remote Code Execution 5032192
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 Version 22H2 for ARM64-based Systems 5033375 (Security Update) Important Remote Code Execution Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2861
Yes 5033375
Windows 11 Version 22H2 for x64-based Systems 5033375 (Security Update) Important Remote Code Execution
5032190
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22621.2861
Yes 5033375
Windows 11 Version 23H2 for ARM64-based Systems 5033375 (Security Update) Important Remote Code Execution
5032190
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows 11 Version 23H2 for x64-based Systems 5033375 (Security Update) Important Remote Code Execution
5032190
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows Server 2008 for 32-bit Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Remote Code Execution 5032254
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Remote Code Execution 5032254
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Remote Code Execution 5032254
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Important Remote Code Execution 5032254
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Remote Code Execution 5032252
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5033433 (Monthly Rollup)
5033424 (Security Only)
Important Remote Code Execution 5032252
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2012 5033429 (Monthly Rollup) Important Remote Code Execution 5032247 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 (Server Core installation) 5033429 (Monthly Rollup) Important Remote Code Execution 5032247 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 R2 5033420 (Monthly Rollup) Important Remote Code Execution 5032249 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2012 R2 (Server Core installation) 5033420 (Monthly Rollup) Important Remote Code Execution 5032249 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2016 5033373 (Security Update) Important Remote Code Execution 5032197 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2016 (Server Core installation) 5033373 (Security Update) Important Remote Code Execution 5032197 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2019 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2019 (Server Core installation) 5033371 (Security Update) Important Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2022 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Remote Code Execution 5032198
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022 (Server Core installation) 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Important Remote Code Execution 5032198
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5033383 (Security Update) Important Remote Code Execution 5032202 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.584 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-35639 Yuki Chen with Cyber KunLun


CVE-2023-35641 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-35641
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?

This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.


How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would need to send a maliciously crafted DHCP message to a server that runs the Internet Connection Sharing service.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-35641
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5033379 (Security Update) Critical Remote Code Execution 5032199 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 for x64-based Systems 5033379 (Security Update) Critical Remote Code Execution 5032199 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 Version 1607 for 32-bit Systems 5033373 (Security Update) Critical Remote Code Execution 5032197 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1607 for x64-based Systems 5033373 (Security Update) Critical Remote Code Execution 5032197 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1809 for 32-bit Systems 5033371 (Security Update) Critical Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for ARM64-based Systems 5033371 (Security Update) Critical Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for x64-based Systems 5033371 (Security Update) Critical Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 21H2 for 32-bit Systems 5033372 (Security Update) Critical Remote Code Execution 5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for ARM64-based Systems 5033372 (Security Update) Critical Remote Code Execution 5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 21H2 for x64-based Systems 5033372 (Security Update) Critical Remote Code Execution 5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19041.3803
Yes 5033372
Windows 10 Version 22H2 for 32-bit Systems 5033372 (Security Update) Critical Remote Code Execution
5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for ARM64-based Systems 5033372 (Security Update) Critical Remote Code Execution
5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 10 Version 22H2 for x64-based Systems 5033372 (Security Update) Critical Remote Code Execution
5032189
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.3803
Yes 5033372
Windows 11 version 21H2 for ARM64-based Systems 5033369 (Security Update) Critical Remote Code Execution 5032192
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 version 21H2 for x64-based Systems 5033369 (Security Update) Critical Remote Code Execution 5032192
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.2652
Yes 5033369
Windows 11 Version 22H2 for ARM64-based Systems 5033375 (Security Update) Critical Remote Code Execution Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.2861
Yes 5033375
Windows 11 Version 22H2 for x64-based Systems 5033375 (Security Update) Critical Remote Code Execution
5032190
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22621.2861
Yes 5033375
Windows 11 Version 23H2 for ARM64-based Systems 5033375 (Security Update) Critical Remote Code Execution
5032190
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows 11 Version 23H2 for x64-based Systems 5033375 (Security Update) Critical Remote Code Execution
5032190
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.2861
Yes 5033375
Windows Server 2008 for 32-bit Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Critical Remote Code Execution 5032254
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Critical Remote Code Execution 5032254
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 5033422 (Monthly Rollup)
5033427 (Security Only)
Critical Remote Code Execution 5032254
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5033422 (Monthly Rollup)
5033427 (Security Only)
Critical Remote Code Execution 5032254
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22413
Yes 5033422
5033427
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5033433 (Monthly Rollup)
5033424 (Security Only)
Critical Remote Code Execution 5032252
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5033433 (Monthly Rollup)
5033424 (Security Only)
Critical Remote Code Execution 5032252
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.26864
Yes 5033433
5033424
Windows Server 2012 5033429 (Monthly Rollup) Critical Remote Code Execution 5032247 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 (Server Core installation) 5033429 (Monthly Rollup) Critical Remote Code Execution 5032247 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24614 Yes None
Windows Server 2012 R2 5033420 (Monthly Rollup) Critical Remote Code Execution 5032249 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2012 R2 (Server Core installation) 5033420 (Monthly Rollup) Critical Remote Code Execution 5032249 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.21715 Yes None
Windows Server 2016 5033373 (Security Update) Critical Remote Code Execution 5032197 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2016 (Server Core installation) 5033373 (Security Update) Critical Remote Code Execution 5032197 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows Server 2019 5033371 (Security Update) Critical Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2019 (Server Core installation) 5033371 (Security Update) Critical Remote Code Execution 5031361
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows Server 2022 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Critical Remote Code Execution 5032198
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022 (Server Core installation) 5033118 (Security Update)
5033464 (Security Hotpatch Update)
Critical Remote Code Execution 5032198
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2159
10.0.20348.2144
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5033383 (Security Update) Critical Remote Code Execution 5032202 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.584 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-35641 Anonymous


k0shl with Kunlun Lab


Wei in Kunlun Lab with Cyber KunLun


k0shl with Kunlun Lab


CVE-2023-35642 - Internet Connection Sharing (ICS) Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-35642
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Internet Connection Sharing (ICS) Denial of Service Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Base score metrics
Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?

This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.


Mitigations:
None
Workarounds:
None
Revision:
1.0    12-Dec-23    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-35642
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5033379 (Security Update) Important Denial of Service 5032199 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 for x64-based Systems 5033379 (Security Update) Important Denial of Service 5032199 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.10240.20345 Yes None
Windows 10 Version 1607 for 32-bit Systems 5033373 (Security Update) Important Denial of Service 5032197 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1607 for x64-based Systems 5033373 (Security Update) Important Denial of Service 5032197 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.6529 Yes None
Windows 10 Version 1809 for 32-bit Systems 5033371 (Security Update) Important Denial of Service 5031361
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for ARM64-based Systems 5033371 (Security Update) Important Denial of Service 5031361
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes 5033371
Windows 10 Version 1809 for x64-based Systems 5033371 (Security Update) Important Denial of Service 5031361
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5206
Yes