Rewterz Threat Advisory – Multiple Microsoft Azure Vulnerabilities
September 13, 2023Rewterz Threat Advisory – CVE-2023-36766 – Microsoft Excel Vulnerability
September 13, 2023Rewterz Threat Advisory – Multiple Microsoft Azure Vulnerabilities
September 13, 2023Rewterz Threat Advisory – CVE-2023-36766 – Microsoft Excel Vulnerability
September 13, 2023Severity
High
Analysis Summary
CVE-2023-36793 CVSS: 7.8
Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36759 CVSS: 6.7
Microsoft Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-36742 CVSS: 7.8
Microsoft Visual Studio Code could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36796 CVSS: 7.8
Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to execute a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36794 CVSS: 7.8
Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36758 CVSS: 7.8
Microsoft Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-36792 CVSS: 7.8
Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-36793
- CVE-2023-36759
- CVE-2023-36742
- CVE-2023-36796
- CVE-2023-36794
- CVE-2023-36758
- CVE-2023-36792
Affected Vendors
Microsoft
Affected Products
- Microsoft Visual Studio Code
- Microsoft Visual Studio 2022 17.6
- Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems SP1
- Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems (Server Core installation) SP1
- Microsoft .NET Framework 4.8 on Windows Server 2012
- Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)
- Microsoft Visual Studio 2019 16.11
- Microsoft Visual Studio 2017 15.9
- Microsoft .NET 6.0
- Microsoft Visual Studio 2022 17.2
- Microsoft .NET 7.0
- Microsoft Visual Studio 2022 17.4
- Microsoft Visual Studio 2015 Update 3
- Microsoft Visual Studio 2022 17.7
- Microsoft Visual Studio 2013 Update
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.