Rewterz Threat Advisory – Multiple Microsoft Azure Vulnerabilities
October 11, 2023Rewterz Threat Advisory – Multiple Microsoft SQL Vulnerabilities
October 11, 2023Rewterz Threat Advisory – Multiple Microsoft Azure Vulnerabilities
October 11, 2023Rewterz Threat Advisory – Multiple Microsoft SQL Vulnerabilities
October 11, 2023Severity
High
Analysis Summary
CVE-2023-36789 CVSS:7.2
Microsoft Skype for Business could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-36786 CVSS:7.2
Microsoft Skype for Business could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36780 CVSS:7.2
Microsoft Skype for Business could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Privilege Escalation
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-36789
- CVE-2023-36786
- CVE-2023-36780
Affected Vendors
Microsoft
Affected Products
- Microsoft Skype for Business Server 2015 CU13
- Microsoft Skype for Business Server 2019 CU7
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.