Multiple vulnerabilities in Microsoft Windows

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, bypass security restrictions, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
2. A remote code execution vulnerability in Microsoft Message Queuing can be exploited remotely to execute arbitrary code.
3. A denial of service vulnerability in Active Template Library can be exploited remotely to cause denial of service.
4. A security feature bypass vulnerability in Windows Search can be exploited remotely to bypass security restrictions.
5. A denial of service vulnerability in Microsoft AllJoyn API can be exploited remotely to cause denial of service.
6. An information disclosure vulnerability in Windows TCP/IP can be exploited remotely to obtain sensitive information.
7. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
8. A denial of service vulnerability in Microsoft QUIC can be exploited remotely to cause denial of service.
9. A remote code execution vulnerability in Layer 2 Tunneling Protocol can be exploited remotely to execute arbitrary code.
10. An elevation of privilege vulnerability in Windows Container Manager Service can be exploited remotely to gain privileges.
11. An information disclosure vulnerability in Windows Power Management Service can be exploited remotely to obtain sensitive information.
12. A denial of service vulnerability in Windows TCP/IP can be exploited remotely to cause denial of service.
13. A denial of service vulnerability in Windows Mixed Reality Developer Tools can be exploited remotely to cause denial of service.
14. A remote code execution vulnerability in Windows MSHTML Platform can be exploited remotely to execute arbitrary code.
15. A remote code execution vulnerability in Windows Setup Files Cleanup can be exploited remotely to execute arbitrary code.
16. A denial of service vulnerability in DHCP Server Service can be exploited remotely to cause denial of service.
17. A remote code execution vulnerability in PrintHTML API can be exploited remotely to execute arbitrary code.
18. An elevation of privilege vulnerability in Windows Named Pipe Filesystem can be exploited remotely to gain privileges.
19. An information disclosure vulnerability in Windows Remote Desktop Gateway (RD Gateway) can be exploited remotely to obtain sensitive information.
20. A denial of service vulnerability in HTTP/2 protocol can be exploited remotely to cause denial of service.
21. A denial of service vulnerability in Windows Virtual Trusted Platform Module can be exploited remotely to cause denial of service.
22. A denial of service vulnerability in Microsoft Message Queuing can be exploited remotely to cause denial of service.
23. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
24. An elevation of privilege vulnerability in Microsoft Resilient File System (ReFS) can be exploited remotely to gain privileges.
25. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
26. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
27. An information disclosure vulnerability in Windows Deployment Services can be exploited remotely to obtain sensitive information.
28. An information disclosure vulnerability in Active Directory Domain Services can be exploited remotely to obtain sensitive information.
29. An elevation of privilege vulnerability in Named Pipe File System can be exploited remotely to gain privileges.
30. An elevation of privilege vulnerability in Windows Runtime C++ Template Library can be exploited remotely to gain privileges.
31. A remote code execution vulnerability in Windows Runtime can be exploited remotely to execute arbitrary code.
32. A remote code execution vulnerability in Microsoft Virtual Trusted Platform Module can be exploited remotely to execute arbitrary code.
33. An elevation of privilege vulnerability in Windows Client Server Run-time Subsystem (CSRSS) can be exploited remotely to gain privileges.
34. An elevation of privilege vulnerability in Windows IIS Server can be exploited remotely to gain privileges.
35. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
36. An elevation of privilege vulnerability in Windows Internet Key Exchange (IKE) Extension can be exploited remotely to gain privileges.
37. A remote code execution vulnerability in Microsoft DirectMusic can be exploited remotely to execute arbitrary code.
38. A denial of service vulnerability in Windows Deployment Services can be exploited remotely to cause denial of service.
39. A security feature bypass vulnerability in Windows Mark of the Web can be exploited remotely to bypass security restrictions.
40. An information disclosure vulnerability in Windows Common Log File System Driver can be exploited remotely to obtain sensitive information.
41. A remote code execution vulnerability in Microsoft WDAC ODBC Driver can be exploited remotely to execute arbitrary code.
42. A security feature bypass vulnerability in Windows Kernel can be exploited remotely to bypass security restrictions.
43. An information disclosure vulnerability in Microsoft WordPad can be exploited remotely to obtain sensitive information.
44. A remote code execution vulnerability in Windows Media Foundation Core can be exploited remotely to execute arbitrary code.
45. An information disclosure vulnerability in Remote Procedure Call can be exploited remotely to obtain sensitive information.

Первичный источник обнаружения

• CVE-2023-38159
  CVE-2023-36582
  CVE-2023-36585
  CVE-2023-35349
  CVE-2023-36564
  CVE-2023-36709
  CVE-2023-36571
  CVE-2023-36438
  CVE-2023-36732
  CVE-2023-36435
  CVE-2023-36583
  CVE-2023-36731
  CVE-2023-41774
  CVE-2023-36723
  CVE-2023-36724
  CVE-2023-36590
  CVE-2023-36602
  CVE-2023-38171
  CVE-2023-36720
  CVE-2023-36436
  CVE-2023-36704
  CVE-2023-36703
  CVE-2023-38166
  CVE-2023-36557
  CVE-2023-36605
  CVE-2023-29348
  CVE-2023-41765
  CVE-2023-44487
  CVE-2023-36717
  CVE-2023-36743
  CVE-2023-36579
  CVE-2023-36725
  CVE-2023-36701
  CVE-2023-36577
  CVE-2023-36581
  CVE-2023-36712
  CVE-2023-36576
  CVE-2023-36567
  CVE-2023-41771
  CVE-2023-36722
  CVE-2023-36729
  CVE-2023-41770
  CVE-2023-36711
  CVE-2023-36902
  CVE-2023-36718
  CVE-2023-36570
  CVE-2023-41766
  CVE-2023-36434
  CVE-2023-36721
  CVE-2023-41773
  CVE-2023-36697
  CVE-2023-36593
  CVE-2023-36578
  CVE-2023-36573
  CVE-2023-36572
  CVE-2023-36589
  CVE-2023-36726
  CVE-2023-36702
  CVE-2023-36575
  CVE-2023-36707
  CVE-2023-36776
  CVE-2023-36584
  CVE-2023-36431
  CVE-2023-41772
  CVE-2023-36713
  CVE-2023-36598
  CVE-2023-36574
  CVE-2023-41769
  CVE-2023-36698
  CVE-2023-36563
  CVE-2023-36710
  CVE-2023-36606
  CVE-2023-36594
  CVE-2023-36706
  CVE-2023-36596
  CVE-2023-41768
  CVE-2023-41767
  CVE-2023-36591
  CVE-2023-36592
  CVE-2023-36603
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-10
• Microsoft-Windows-Server-2016
• Microsoft-Windows-Server-2019
• Microsoft-Windows-11

Список CVE

• CVE-2023-38171
  critical
• CVE-2023-36435
  critical
• CVE-2023-44487
  critical
• CVE-2023-38159
  high
• CVE-2023-36582
  high
• CVE-2023-36585
  critical
• CVE-2023-35349
  critical
• CVE-2023-36564
  high
• CVE-2023-36709
  critical
• CVE-2023-36571
  high
• CVE-2023-36438
  critical
• CVE-2023-36732
  critical
• CVE-2023-36583
  high
• CVE-2023-36731
  critical
• CVE-2023-41774
  critical
• CVE-2023-36723
  critical
• CVE-2023-36724
  high
• CVE-2023-36590
  high
• CVE-2023-36602
  critical
• CVE-2023-36720
  critical
• CVE-2023-36436
  critical
• CVE-2023-36704
  critical
• CVE-2023-36703
  critical
• CVE-2023-38166
  critical
• CVE-2023-36557
  critical
• CVE-2023-36605
  critical
• CVE-2023-29348
  critical
• CVE-2023-41765
  critical
• CVE-2023-36717
  high
• CVE-2023-36743
  critical
• CVE-2023-36579
  critical
• CVE-2023-36725
  critical
• CVE-2023-36701
  critical
• CVE-2023-36577
  critical
• CVE-2023-36581
  critical
• CVE-2023-36712
  critical
• CVE-2023-36576
  high
• CVE-2023-36567
  critical
• CVE-2023-41771
  critical
• CVE-2023-36722
  warning
• CVE-2023-36729
  critical
• CVE-2023-41770
  critical
• CVE-2023-36711
  critical
• CVE-2023-36902
  high
• CVE-2023-36718
  critical
• CVE-2023-36570
  high
• CVE-2023-41766
  critical
• CVE-2023-36434
  critical
• CVE-2023-36721
  high
• CVE-2023-41773
  critical
• CVE-2023-36697
  critical
• CVE-2023-36593
  high
• CVE-2023-36578
  high
• CVE-2023-36573
  high
• CVE-2023-36572
  high
• CVE-2023-36589
  high
• CVE-2023-36726
  critical
• CVE-2023-36702
  critical
• CVE-2023-36575
  high
• CVE-2023-36707
  critical
• CVE-2023-36776
  high
• CVE-2023-36584
  high
• CVE-2023-36431
  critical
• CVE-2023-41772
  critical
• CVE-2023-36713
  high
• CVE-2023-36598
  critical
• CVE-2023-36574
  high
• CVE-2023-41769
  critical
• CVE-2023-36698
  warning
• CVE-2023-36563
  high
• CVE-2023-36710
  critical
• CVE-2023-36606
  critical
• CVE-2023-36594
  critical
• CVE-2023-36706
  high
• CVE-2023-36596
  critical
• CVE-2023-41768
  critical
• CVE-2023-41767
  critical
• CVE-2023-36591
  high
• CVE-2023-36592
  high
• CVE-2023-36603
  critical

Список KB

• 5031354
• 5031356
• 5031364
• 5031362
• 5031361
• 5031377
• 5031358

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com