January 13, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – RedLine Stealer – Active IOCs
November 17, 2023
Rewterz Threat Advisory – Multiple Fortinet Products Vulnerabilities
November 19, 2023
Rewterz Threat Alert – RedLine Stealer – Active IOCs
November 17, 2023
Rewterz Threat Advisory – Multiple Fortinet Products Vulnerabilities
November 19, 2023
Severity
High
Analysis Summary
CVE-2023-36393 CVSS:7.8
Microsoft Windows could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the Tablet Windows User Interface Application Core component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36402 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC OLE DB provider for SQL Server component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36401 CVSS:7.2
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Remote Registry Service component. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36392 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in DHCP Server Service component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-36046 CVSS:7.1
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in Authentication component. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-36719 CVSS:8.4
Microsoft Windows could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the Speech Application Programming Interface (SAPI) component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-36395 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in Deployment Services component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-36398 CVSS:6.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in NTFS component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-36017 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption flaw in the Scripting Engine component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36028 CVSS:9.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Protected Extensible Authentication Protocol (PEAP) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36705 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Installer component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-36428 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Local Security Authority Subsystem Service component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain sensitive information from initialized or uninitialized memory in the process heap and use this information to launch further attacks against the affected system.
CVE-2023-36425 CVSS:8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Distributed File System (DFS) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36424 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System Driver component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2023-36423 CVSS:7.2
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Registry Service component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36422 CVSS:7.8
Microsoft Windows Defender could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2023-36047 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Authentication component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-36033 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the DWM Core Library component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-36400 CVSS:8.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the HMAC Key Derivation component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-36394 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Search Service component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-36399 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Storage component. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-36397 CVSS:9.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Pragmatic General Multicast (PGM) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36396 CVSS:7.8
Microsoft Windows could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the Compressed Folder component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Denial of Service
- Code Execution
- Privileges Escalation
- Information Disclosure
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2023-36393
- CVE-2023-36402
- CVE-2023-36401
- CVE-2023-36392
- CVE-2023-36046
- CVE-2023-36719
- CVE-2023-36395
- CVE-2023-36398
- CVE-2023-36017
- CVE-2023-36028
- CVE-2023-36705
- CVE-2023-36428
- CVE-2023-36425
- CVE-2023-36424
- CVE-2023-36423
- CVE-2023-36422
- CVE-2023-36047
- CVE-2023-36033
- CVE-2023-36400
- CVE-2023-36394
- CVE-2023-36399
- CVE-2023-36397
- CVE-2023-36396
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows 10 x32
- Microsoft Windows 10 x64
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows 10 1607 for 32-bit Systems
- Microsoft Windows 10 1607 for x64-based Systems
- Microsoft Windows Server (Server Core installation) 2019
- Microsoft Windows Server (Server Core installation) 2016
- Microsoft Windows Server (Server Core installation) 2012 R2
- Microsoft Windows Server (Server Core installation) 2012
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems 2008 SP2
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
- Microsoft Windows Server 2022
- Microsoft Windows Server (Server Core installation) 2022
- Microsoft Windows Server for X64-based systems 2008 SP2
- Microsoft Windows 10 21H2 for 32-bit Systems
- Microsoft Windows 10 21H2 for ARM64-based Systems
- Microsoft Windows 10 21H2 for x64-based Systems
- Microsoft Windows 11 22H2 for ARM64-based Systems
- Microsoft Windows 11 22H2 for x64-based Systems
- Microsoft Windows 10 22H2 for 32-bit Systems
- Microsoft Windows 10 22H2 for ARM64-based Systems
- Microsoft Windows 10 22H2 for x64-based Systems
- Microsoft Windows 11 21H2 for ARM64-based Systems
- Microsoft Windows 11 21H2 for x64-based Systems
- Microsoft Windows Server (Server Core installation) 2022 23H2
- Microsoft Windows Server 2022 23H2
- Microsoft Windows 11 23H2 for ARM64-based Systems
- Microsoft Windows 11 23H2 for x64-based Systems
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.