Multiple vulnerabilities in Microsoft Windows

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, bypass security restrictions, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
2. A remote code execution vulnerability in Microsoft Message Queuing can be exploited remotely to execute arbitrary code.
3. A denial of service vulnerability in Active Template Library can be exploited remotely to cause denial of service.
4. A security feature bypass vulnerability in Windows Search can be exploited remotely to bypass security restrictions.
5. A denial of service vulnerability in Microsoft AllJoyn API can be exploited remotely to cause denial of service.
6. An information disclosure vulnerability in Windows TCP/IP can be exploited remotely to obtain sensitive information.
7. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
8. A denial of service vulnerability in Microsoft QUIC can be exploited remotely to cause denial of service.
9. A remote code execution vulnerability in Layer 2 Tunneling Protocol can be exploited remotely to execute arbitrary code.
10. An elevation of privilege vulnerability in Windows Container Manager Service can be exploited remotely to gain privileges.
11. An information disclosure vulnerability in Windows Power Management Service can be exploited remotely to obtain sensitive information.
12. A denial of service vulnerability in Windows TCP/IP can be exploited remotely to cause denial of service.
13. A denial of service vulnerability in Windows Mixed Reality Developer Tools can be exploited remotely to cause denial of service.
14. A remote code execution vulnerability in Windows MSHTML Platform can be exploited remotely to execute arbitrary code.
15. A remote code execution vulnerability in Windows Setup Files Cleanup can be exploited remotely to execute arbitrary code.
16. A denial of service vulnerability in DHCP Server Service can be exploited remotely to cause denial of service.
17. A remote code execution vulnerability in PrintHTML API can be exploited remotely to execute arbitrary code.
18. An elevation of privilege vulnerability in Windows Named Pipe Filesystem can be exploited remotely to gain privileges.
19. An information disclosure vulnerability in Windows Remote Desktop Gateway (RD Gateway) can be exploited remotely to obtain sensitive information.
20. A denial of service vulnerability in HTTP/2 protocol can be exploited remotely to cause denial of service.
21. A denial of service vulnerability in Windows Virtual Trusted Platform Module can be exploited remotely to cause denial of service.
22. A denial of service vulnerability in Microsoft Message Queuing can be exploited remotely to cause denial of service.
23. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
24. An elevation of privilege vulnerability in Microsoft Resilient File System (ReFS) can be exploited remotely to gain privileges.
25. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
26. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
27. An information disclosure vulnerability in Windows Deployment Services can be exploited remotely to obtain sensitive information.
28. An information disclosure vulnerability in Active Directory Domain Services can be exploited remotely to obtain sensitive information.
29. An elevation of privilege vulnerability in Named Pipe File System can be exploited remotely to gain privileges.
30. An elevation of privilege vulnerability in Windows Runtime C++ Template Library can be exploited remotely to gain privileges.
31. A remote code execution vulnerability in Windows Runtime can be exploited remotely to execute arbitrary code.
32. A remote code execution vulnerability in Microsoft Virtual Trusted Platform Module can be exploited remotely to execute arbitrary code.
33. An elevation of privilege vulnerability in Windows Client Server Run-time Subsystem (CSRSS) can be exploited remotely to gain privileges.
34. An elevation of privilege vulnerability in Windows IIS Server can be exploited remotely to gain privileges.
35. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
36. An elevation of privilege vulnerability in Windows Internet Key Exchange (IKE) Extension can be exploited remotely to gain privileges.
37. A remote code execution vulnerability in Microsoft DirectMusic can be exploited remotely to execute arbitrary code.
38. A denial of service vulnerability in Windows Deployment Services can be exploited remotely to cause denial of service.
39. A security feature bypass vulnerability in Windows Mark of the Web can be exploited remotely to bypass security restrictions.
40. An information disclosure vulnerability in Windows Common Log File System Driver can be exploited remotely to obtain sensitive information.
41. A remote code execution vulnerability in Microsoft WDAC ODBC Driver can be exploited remotely to execute arbitrary code.
42. A security feature bypass vulnerability in Windows Kernel can be exploited remotely to bypass security restrictions.
43. An information disclosure vulnerability in Microsoft WordPad can be exploited remotely to obtain sensitive information.
44. A remote code execution vulnerability in Windows Media Foundation Core can be exploited remotely to execute arbitrary code.
45. An information disclosure vulnerability in Remote Procedure Call can be exploited remotely to obtain sensitive information.

Original advisories

• CVE-2023-38159

• CVE-2023-36582
• CVE-2023-36585
• CVE-2023-35349
• CVE-2023-36564
• CVE-2023-36709
• CVE-2023-36571
• CVE-2023-36438
• CVE-2023-36732
• CVE-2023-36435
• CVE-2023-36583
• CVE-2023-36731
• CVE-2023-41774
• CVE-2023-36723
• CVE-2023-36724
• CVE-2023-36590
• CVE-2023-36602
• CVE-2023-38171
• CVE-2023-36720
• CVE-2023-36436
• CVE-2023-36704
• CVE-2023-36703
• CVE-2023-38166
• CVE-2023-36557
• CVE-2023-36605
• CVE-2023-29348
• CVE-2023-41765
• CVE-2023-44487
• CVE-2023-36717
• CVE-2023-36743
• CVE-2023-36579
• CVE-2023-36725
• CVE-2023-36701
• CVE-2023-36577
• CVE-2023-36581
• CVE-2023-36712
• CVE-2023-36576
• CVE-2023-36567
• CVE-2023-41771
• CVE-2023-36722
• CVE-2023-36729
• CVE-2023-41770
• CVE-2023-36711
• CVE-2023-36902
• CVE-2023-36718
• CVE-2023-36570
• CVE-2023-41766
• CVE-2023-36434
• CVE-2023-36721
• CVE-2023-41773
• CVE-2023-36697
• CVE-2023-36593
• CVE-2023-36578
• CVE-2023-36573
• CVE-2023-36572
• CVE-2023-36589
• CVE-2023-36726
• CVE-2023-36702
• CVE-2023-36575
• CVE-2023-36707
• CVE-2023-36776
• CVE-2023-36584
• CVE-2023-36431
• CVE-2023-41772
• CVE-2023-36713
• CVE-2023-36598
• CVE-2023-36574
• CVE-2023-41769
• CVE-2023-36698
• CVE-2023-36563
• CVE-2023-36710
• CVE-2023-36606
• CVE-2023-36594
• CVE-2023-36706
• CVE-2023-36596
• CVE-2023-41768
• CVE-2023-41767
• CVE-2023-36591
• CVE-2023-36592
• CVE-2023-36603

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-10
• Microsoft-Windows-Server-2016
• Microsoft-Windows-Server-2019
• Microsoft-Windows-11

CVE list

• CVE-2023-38171
  critical
• CVE-2023-36435
  critical
• CVE-2023-44487
  critical
• CVE-2023-38159
  high
• CVE-2023-36582
  high
• CVE-2023-36585
  critical
• CVE-2023-35349
  critical
• CVE-2023-36564
  high
• CVE-2023-36709
  critical
• CVE-2023-36571
  high
• CVE-2023-36438
  critical
• CVE-2023-36732
  critical
• CVE-2023-36583
  high
• CVE-2023-36731
  critical
• CVE-2023-41774
  critical
• CVE-2023-36723
  critical
• CVE-2023-36724
  high
• CVE-2023-36590
  high
• CVE-2023-36602
  critical
• CVE-2023-36720
  critical
• CVE-2023-36436
  critical
• CVE-2023-36704
  critical
• CVE-2023-36703
  critical
• CVE-2023-38166
  critical
• CVE-2023-36557
  critical
• CVE-2023-36605
  critical
• CVE-2023-29348
  critical
• CVE-2023-41765
  critical
• CVE-2023-36717
  high
• CVE-2023-36743
  critical
• CVE-2023-36579
  critical
• CVE-2023-36725
  critical
• CVE-2023-36701
  critical
• CVE-2023-36577
  critical
• CVE-2023-36581
  critical
• CVE-2023-36712
  critical
• CVE-2023-36576
  high
• CVE-2023-36567
  critical
• CVE-2023-41771
  critical
• CVE-2023-36722
  warning
• CVE-2023-36729
  critical
• CVE-2023-41770
  critical
• CVE-2023-36711
  critical
• CVE-2023-36902
  high
• CVE-2023-36718
  critical
• CVE-2023-36570
  high
• CVE-2023-41766
  critical
• CVE-2023-36434
  critical
• CVE-2023-36721
  high
• CVE-2023-41773
  critical
• CVE-2023-36697
  critical
• CVE-2023-36593
  high
• CVE-2023-36578
  high
• CVE-2023-36573
  high
• CVE-2023-36572
  high
• CVE-2023-36589
  high
• CVE-2023-36726
  critical
• CVE-2023-36702
  critical
• CVE-2023-36575
  high
• CVE-2023-36707
  critical
• CVE-2023-36776
  high
• CVE-2023-36584
  high
• CVE-2023-36431
  critical
• CVE-2023-41772
  critical
• CVE-2023-36713
  high
• CVE-2023-36598
  critical
• CVE-2023-36574
  high
• CVE-2023-41769
  critical
• CVE-2023-36698
  warning
• CVE-2023-36563
  high
• CVE-2023-36710
  critical
• CVE-2023-36606
  critical
• CVE-2023-36594
  critical
• CVE-2023-36706
  high
• CVE-2023-36596
  critical
• CVE-2023-41768
  critical
• CVE-2023-41767
  critical
• CVE-2023-36591
  high
• CVE-2023-36592
  high
• CVE-2023-36603
  critical

KB list

• 5031354
• 5031356
• 5031364
• 5031362
• 5031361
• 5031377
• 5031358

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com