Multiple vulnerabilities in Microsoft Products (ESU)

Description

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Windows Internet Storage Name Service (iSNS) Server can be exploited remotely to obtain sensitive information.
2. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
3. A remote code execution vulnerability in Microsoft PostScript Printer Driver can be exploited remotely to execute arbitrary code.
4. A remote code execution vulnerability in Windows iSCSI Discovery Service can be exploited remotely to execute arbitrary code.
5. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
6. A remote code execution vulnerability in Microsoft Protected Extensible Authentication Protocol (PEAP) can be exploited remotely to execute arbitrary code.
7. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
8. An information disclosure vulnerability in Microsoft PostScript Printer Driver can be exploited remotely to obtain sensitive information.
9. A denial of service vulnerability in Windows Active Directory Domain Services API can be exploited remotely to cause denial of service.
10. A remote code execution vulnerability in Windows MSHTML Platform can be exploited remotely to execute arbitrary code.
11. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
12. A denial of service vulnerability in Microsoft Protected Extensible Authentication Protocol (PEAP) can be exploited remotely to cause denial of service.
13. An elevation of privilege vulnerability in NT OS Kernel can be exploited remotely to gain privileges.
14. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
15. A remote code execution vulnerability in Windows Distributed File System (DFS) can be exploited remotely to execute arbitrary code.
16. A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
17. A denial of service vulnerability in Windows iSCSI Discovery Service can be exploited remotely to cause denial of service.
18. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
19. A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
20. A denial of service vulnerability in Windows iSCSI Service can be exploited remotely to cause denial of service.
21. A remote code execution vulnerability in Windows Media can be exploited remotely to execute arbitrary code.
22. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
23. An information disclosure vulnerability in Microsoft Protected Extensible Authentication Protocol (PEAP) can be exploited remotely to obtain sensitive information.
24. A remote code execution vulnerability in Microsoft SQL Server can be exploited remotely to execute arbitrary code.
25. A remote code execution vulnerability in Microsoft SQL ODBC Driver can be exploited remotely to execute arbitrary code.

Original advisories

• CVE-2023-21699

• CVE-2023-21800
• CVE-2023-21801
• CVE-2023-21803
• CVE-2023-21823
• CVE-2023-21689
• CVE-2023-21690
• CVE-2023-21817
• CVE-2023-21693
• CVE-2023-21816
• CVE-2023-21805
• CVE-2023-21812
• CVE-2023-21701
• CVE-2023-21688
• CVE-2023-21822
• CVE-2023-21820
• CVE-2023-21695
• CVE-2023-21694
• CVE-2023-21700
• CVE-2023-21685
• CVE-2023-21799
• CVE-2023-21818
• CVE-2023-21697
• CVE-2023-21811
• CVE-2023-21684
• CVE-2023-21692
• CVE-2023-21702
• CVE-2023-23376
• CVE-2023-21686
• CVE-2023-21802
• CVE-2023-21797
• CVE-2023-21813
• CVE-2023-21798
• CVE-2023-21691
• CVE-2023-21705
• CVE-2023-21528
• CVE-2023-21713
• CVE-2023-21718
• CVE-2023-21804

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-SQL-Server
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-Server-2008

CVE list

• CVE-2023-21699
  high
• CVE-2023-21800
  high
• CVE-2023-21801
  high
• CVE-2023-21803
  critical
• CVE-2023-21823
  high
• CVE-2023-21689
  critical
• CVE-2023-21690
  critical
• CVE-2023-21817
  high
• CVE-2023-21693
  high
• CVE-2023-21816
  high
• CVE-2023-21805
  high
• CVE-2023-21812
  high
• CVE-2023-21701
  high
• CVE-2023-21688
  high
• CVE-2023-21822
  high
• CVE-2023-21820
  high
• CVE-2023-21695
  high
• CVE-2023-21694
  high
• CVE-2023-21700
  high
• CVE-2023-21685
  high
• CVE-2023-21799
  high
• CVE-2023-21818
  high
• CVE-2023-21697
  high
• CVE-2023-21811
  high
• CVE-2023-21684
  high
• CVE-2023-21692
  critical
• CVE-2023-21702
  high
• CVE-2023-23376
  high
• CVE-2023-21686
  high
• CVE-2023-21802
  high
• CVE-2023-21797
  high
• CVE-2023-21813
  high
• CVE-2023-21798
  high
• CVE-2023-21691
  high
• CVE-2023-21528
  high
• CVE-2023-21713
  high
• CVE-2023-21718
  high
• CVE-2023-21705
  high
• CVE-2023-21804
  high

KB list

• 5022893
• 5022890
• 5022872
• 5022874
• 5022835
• 5022903
• 5022899
• 5022894
• 5022895
• 5021123
• 5021112
• 5020863

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com