Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, overwrite arbitrary files, cause denial of service, spoof user interface.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Internet Connection Sharing (ICS) can be exploited remotely to execute arbitrary code.
- An information disclosure vulnerability in DHCP Server Service can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Telephony Server can be exploited remotely to gain privileges.
- A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
- A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
- A denial of service vulnerability in Internet Connection Sharing (ICS) can be exploited remotely to cause denial of service.
- An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows MSHTML Platform can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
- A spoofing vulnerability in Windows DPAPI (Data Protection Application Programming Interface) can be exploited remotely to spoof user interface.
- A denial of service vulnerability in DHCP Server Service can be exploited remotely to cause denial of service.
- An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Microsoft USBHUB 3.0 Device Driver can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Windows Media can be exploited remotely to execute arbitrary code.
- A spoofing vulnerability in Windows DNS can be exploited remotely to spoof user interface.
Первичный источник обнаружения
- CVE-2023-35630
CVE-2023-35641
CVE-2023-35643
CVE-2023-36006
CVE-2023-36005
CVE-2023-20588
CVE-2023-35639
CVE-2023-35642
CVE-2023-36011
CVE-2023-35628
CVE-2023-35632
CVE-2023-36004
CVE-2023-35638
CVE-2023-36012
CVE-2023-35633
CVE-2023-35629
CVE-2023-21740
CVE-2023-35622
Эксплуатация
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-Server-2008
Список CVE
- CVE-2023-20588 warning
- CVE-2023-35630 warning
- CVE-2023-35641 warning
- CVE-2023-35643 warning
- CVE-2023-36006 warning
- CVE-2023-36005 warning
- CVE-2023-35639 warning
- CVE-2023-35642 warning
- CVE-2023-36011 warning
- CVE-2023-35628 warning
- CVE-2023-36004 warning
- CVE-2023-35638 warning
- CVE-2023-36012 warning
- CVE-2023-35633 warning
- CVE-2023-35622 warning
- CVE-2023-35629 warning
- CVE-2023-21740 warning
- CVE-2023-35632 warning
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!