Rewterz Threat Advisory – Multiple Microsoft Windows Products Vulnerabilities
October 11, 2023
Severity
High
Analysis Summary
CVE-2023-41766 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Client Server Run-time Subsystem (CSRSS) component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-36723 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Container Manager Service component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain limited SYSTEM privileges.
CVE-2023-41774 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Layer 2 Tunneling Protocol component. By winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36710 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Media Foundation Core component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36731 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-36564 CVSS:6.5
Microsoft Windows could allow a remote attacker to bypass security restrictions, caused by a flaw in the Search component. An attacker could exploit this vulnerability to bypass a security feature.
CVE-2023-36577 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC OLE DB provider for SQL Server component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36576 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Windows Kernel. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-36431 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Message Queuing component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-36776 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially crafted program, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-36591 CVSS:7.3
Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Message Queuing component. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36575 CVSS:7.3
Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Message Queuing component. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36567 CVSS:7.5
Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Deployment Services component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-36790 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the RDP Encoder Mirror Driver component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-36701 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Resilient File System (ReFS) component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-36598 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC ODBC Driver component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36605 CVSS:7.4
Microsoft Windows could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the Named Pipe Filesystem component. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2023-41772 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-36711 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Runtime C++ Template Library component. By executing a specially crafted program, an attacker could exploit this vulnerability to create or delete files in the security context of the NT AUTHORITY\LOCAL SERVICE account.
CVE-2023-36729 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Named Pipe File System component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-36573 CVSS:7.3
Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Message Queuing component. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36583 CVSS:7.3
Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Message Queuing component. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-38166 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Layer 2 Tunneling Protocol component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36572 CVSS:7.3
Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Message Queuing component. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36602 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the TCP/IP component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-36603 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the TCP/IP component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-36704 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Setup Files Cleanup component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-41768 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Layer 2 Tunneling Protocol component. By winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-29348 CVSS:6.5
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Remote Desktop Gateway (RD Gateway) component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-36579 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Message Queuing component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-36703 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the DHCP Server Service component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-41765 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Layer 2 Tunneling Protocol component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-41771 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Layer 2 Tunneling Protocol component. By winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36722 CVSS:4.4
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Active Directory Domain Services component. By using brute force techniques, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
Impact
- Gain Access
- Information Theft
- Privilege Escalation
- Denial of Service
- Code Execution
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-41766
- CVE-2023-36723
- CVE-2023-41774
- CVE-2023-36710
- CVE-2023-36731
- CVE-2023-36564
- CVE-2023-36577
- CVE-2023-36576
- CVE-2023-36431
- CVE-2023-36776
- CVE-2023-36591
- CVE-2023-36575
- CVE-2023-36567
- CVE-2023-36790
- CVE-2023-36701
- CVE-2023-36598
- CVE-2023-36605
- CVE-2023-41772
- CVE-2023-36711
- CVE-2023-36729
- CVE-2023-36573
- CVE-2023-36583
- CVE-2023-38166
- CVE-2023-36572
- CVE-2023-36602
- CVE-2023-36603
- CVE-2023-36704
- CVE-2023-41768
- CVE-2023-29348
- CVE-2023-36579
- CVE-2023-36703
- CVE-2023-41765
- CVE-2023-41771
- CVE-2023-36722
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows 10 x32
- Microsoft Windows 10 x64
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows 10 1607 for 32-bit Systems
- Microsoft Windows 10 1607 for x64-based Systems
- Microsoft Windows Server (Server Core installation) 2019
- Microsoft Windows Server (Server Core installation) 2016
- Microsoft Windows Server (Server Core installation) 2012 R2
- Microsoft Windows Server (Server Core installation) 2012
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems 2008 SP2
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
- Microsoft Windows Server 2022
- Microsoft Windows Server (Server Core installation) 2022
- Microsoft Windows Server for X64-based systems 2008 SP2
- Microsoft Windows 10 21H2 for 32-bit Systems
- Microsoft Windows 10 21H2 for ARM64-based Systems
- Microsoft Windows 10 21H2 for x64-based Systems
- Microsoft Windows 11 22H2 for ARM64-based Systems
- Microsoft Windows 11 22H2 for x64-based Systems
- Microsoft Windows 10 22H2 for 32-bit Systems
- Microsoft Windows 10 22H2 for ARM64-based Systems
- Microsoft Windows 10 22H2 for x64-based Systems
- Microsoft Windows 11 21H2 for ARM64-based Systems
- Microsoft Windows 11 21H2 for x64-based Systems
- Microsoft .NET 7.0
- Microsoft Visual Studio 2022 17.2
- Microsoft Visual Studio 2022 17.6
- Microsoft Visual Studio 2022 17.7
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.