Multiple vulnerabilities in Microsoft Windows

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Windows Internet Storage Name Service (iSNS) Server can be exploited remotely to obtain sensitive information.
2. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
3. A remote code execution vulnerability in Microsoft PostScript Printer Driver can be exploited remotely to execute arbitrary code.
4. A remote code execution vulnerability in Windows iSCSI Discovery Service can be exploited remotely to execute arbitrary code.
5. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
6. A remote code execution vulnerability in Microsoft Protected Extensible Authentication Protocol (PEAP) can be exploited remotely to execute arbitrary code.
7. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
8. An information disclosure vulnerability in Microsoft PostScript Printer Driver can be exploited remotely to obtain sensitive information.
9. A denial of service vulnerability in Windows Active Directory Domain Services API can be exploited remotely to cause denial of service.
10. A remote code execution vulnerability in Windows MSHTML Platform can be exploited remotely to execute arbitrary code.
11. A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
12. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
13. A denial of service vulnerability in Microsoft Protected Extensible Authentication Protocol (PEAP) can be exploited remotely to cause denial of service.
14. An elevation of privilege vulnerability in NT OS Kernel can be exploited remotely to gain privileges.
15. A remote code execution vulnerability in Windows Distributed File System (DFS) can be exploited remotely to execute arbitrary code.
16. An information disclosure vulnerability in HTTP.sys can be exploited remotely to obtain sensitive information.
17. A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
18. A denial of service vulnerability in Windows iSCSI Discovery Service can be exploited remotely to cause denial of service.
19. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
20. A denial of service vulnerability in Windows iSCSI Service can be exploited remotely to cause denial of service.
21. A remote code execution vulnerability in Windows Media can be exploited remotely to execute arbitrary code.
22. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
23. An information disclosure vulnerability in Microsoft Protected Extensible Authentication Protocol (PEAP) can be exploited remotely to obtain sensitive information.

Original advisories

• CVE-2023-21699

• CVE-2023-21804
• CVE-2023-21801
• CVE-2023-21803
• CVE-2023-21823
• CVE-2023-21689
• CVE-2023-21690
• CVE-2023-21817
• CVE-2023-21693
• CVE-2023-21816
• CVE-2023-21805
• CVE-2023-21819
• CVE-2023-21812
• CVE-2023-21701
• CVE-2023-21688
• CVE-2023-21822
• CVE-2023-21820
• CVE-2023-21687
• CVE-2023-21694
• CVE-2023-21695
• CVE-2023-21700
• CVE-2023-21685
• CVE-2023-21799
• CVE-2023-21818
• CVE-2023-21697
• CVE-2023-21811
• CVE-2023-21684
• CVE-2023-21692
• CVE-2023-21702
• CVE-2023-23376
• CVE-2023-21686
• CVE-2023-21802
• CVE-2023-21797
• CVE-2023-21813
• CVE-2023-21798
• CVE-2023-21691

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-10
• Microsoft-Windows-Server-2016
• Microsoft-Windows-Server-2019
• Microsoft-Windows-11

CVE list

• CVE-2023-21699
  high
• CVE-2023-21801
  critical
• CVE-2023-21803
  critical
• CVE-2023-21823
  critical
• CVE-2023-21689
  critical
• CVE-2023-21690
  critical
• CVE-2023-21817
  critical
• CVE-2023-21693
  high
• CVE-2023-21816
  critical
• CVE-2023-21805
  critical
• CVE-2023-21812
  critical
• CVE-2023-21701
  critical
• CVE-2023-21688
  critical
• CVE-2023-21822
  critical
• CVE-2023-21820
  high
• CVE-2023-21695
  critical
• CVE-2023-21694
  high
• CVE-2023-21700
  critical
• CVE-2023-21685
  critical
• CVE-2023-21799
  critical
• CVE-2023-21818
  critical
• CVE-2023-21697
  high
• CVE-2023-21811
  critical
• CVE-2023-21684
  critical
• CVE-2023-21692
  critical
• CVE-2023-21702
  critical
• CVE-2023-23376
  critical
• CVE-2023-21686
  critical
• CVE-2023-21802
  critical
• CVE-2023-21797
  critical
• CVE-2023-21813
  critical
• CVE-2023-21798
  critical
• CVE-2023-21691
  critical
• CVE-2023-21804
  critical
• CVE-2023-21819
  critical
• CVE-2023-21687
  high

KB list

• 5022835
• 5022836
• 5022840
• 5022842
• 5022838
• 5022845
• 5022903
• 5022858
• 5022834
• 5022899
• 5022894
• 5022895
• 5022921

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com