Rewterz Threat Advisory – Multiple Microsoft Edge (Chromium-based) Vulnerabilities
November 15, 2023
Rewterz Threat Advisory – Multiple Microsoft Windows Kernel Vulnerabilities
November 16, 2023
Severity
High
Analysis Summary
CVE-2023-36558 CVSS:6.2
Microsoft ASP.NET could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass validations on Blazor Server forms.
CVE-2023-36038 CVSS:8.2
Microsoft ASP.NET is vulnerable to a denial of service. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-36560 CVSS:8.8
Microsoft ASP.NET Core could allow a remote authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass security checks that prevent an attacker from accessing internal applications in a website.
CVE-2023-36042 CVSS:6.2
Microsoft Visual Studio is vulnerable to a denial of service. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-36018 CVSS:7.8
Microsoft Visual Studio Code Jupyter Extension could allow a remote attacker to conduct spoofing attacks.
CVE-2023-36049 CVSS:7.6
Microsoft .NET, .NET Framework and Visual Studio could allow a remote authenticated attacker to gain elevated privileges on the system. By injecting arbitrary commands into the FTP server, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Denial of Service
- Privilege Escalation
- Security Bypass
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-36558
- CVE-2023-36038
- CVE-2023-36560
- CVE-2023-36042
- CVE-2023-36018
- CVE-2023-36049
Affected Vendors
Microsoft
Affected Products
- Microsoft .NET 6.0
- Microsoft .NET 7.0
- Microsoft .NET 8.0
- Microsoft Visual Studio 2022 17.2
- Microsoft Visual Studio 2022 17.4
- Microsoft Visual Studio 2022 17.6
- Microsoft Visual Studio 2022 17.7
- Microsoft ASP.NET Core 6.0
- Microsoft ASP.NET Core 7.0
- Microsoft .NET Core 8.0
- Microsoft .NET Framework 4.8
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 3.5.1
- Microsoft Jupyter Extension for Visual Studio Code
- Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 for 32-bit Systems 1607
- Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 for X64-based Systems 1607
- Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016
- Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)
- Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for X64-based Systems Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012
- Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)
- Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2
- Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.