Rewterz Threat Advisory – Multiple Microsoft Exchange Server Vulnerabilities
January 11, 2023Rewterz Threat Advisory – Multiple Microsoft Azure Vulnerabilities
January 11, 2023Rewterz Threat Advisory – Multiple Microsoft Exchange Server Vulnerabilities
January 11, 2023Rewterz Threat Advisory – Multiple Microsoft Azure Vulnerabilities
January 11, 2023Severity
High
Analysis Summary
CVE-2023-21736 CVSS:7.8
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-21737 CVSS:7.8
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-21734 CVSS:7.8
Microsoft Office could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-21738 CVSS:7.1
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-21741 CVSS:7.1
Microsoft Office Visio could allow a remote authenticated attacker to obtain sensitive information. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from heap memory and then use this information to launch further attacks against the affected system.
CVE-2023-21735 CVSS:7.8
Microsoft Office could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-21736
- CVE-2023-21737
- CVE-2023-21734
- CVE-2023-21738
- CVE-2023-21741
- CVE-2023-21735
Affected Vendors
Microsoft
Affected Products
- Microsoft Visio 2013 SP1 x32
- Microsoft Visio 2013 SP1 x64
- Microsoft Visio 2016 x32
- Microsoft Visio 2016 x64
- Microsoft Office 2019 Mac
- Microsoft Office LTSC for Mac 2021
- Microsoft Office 2019 x32
- Microsoft Office 2019 x64
- Microsoft Office LTSC 2021 x64
- Microsoft Office LTSC 2021 x32
- Microsoft 365 Apps for Enterprise x32
- Microsoft 365 Apps for Enterprise x64
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.