Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
CVE-2023-23410 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the HTTP.sys component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-24908 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Procedure Call Runtime. By sending a specially crafted RPC call to an RPC host, an attacker could exploit this vulnerability to execute arbitrary code on the server side with the same permissions as the RPC service.
CVE-2023-24868 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver. By sending a specially crafted XPS file to a shared printer, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23420 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-24907 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23421 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23403 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the PostScript and PCL6 Class Printer Driver. By sending a modified XPS file to a shared printer, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2023-23423 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23416 CVSS:8.4
Microsoft Windows could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the Cryptographic Services. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24876 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23401 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Media component. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24910 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics Component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23392 CVSS:9.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the HTTP Protocol Stack component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24861 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics component. By winning a race condition, an authenticated attacker could exploit this vulnerability to obtain limited SYSTEM privileges.
CVE-2023-24867 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24864 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the PostScript and PCL6 Class Printer Driver. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23413 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23402 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Media component. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23407 CVSS:7.1
Microsoft Windows could allow a remote attacker within the local network to execute arbitrary code on the system, caused by a flaw in the Point-to-Point Protocol over Ethernet (PPPoE). By persuading a victim to dial a PPPoE connection at the same time and winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24913 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver. By sending a specially crafted XPS file to a shared printer, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23400 CVSS:7.2
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the DNS Server component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23412 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Accounts Control component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23385 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Point-to-Point Protocol over Ethernet (PPPoE) component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23419 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Resilient File System (ReFS). By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23404 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Point-to-Point Tunneling Protocol. By winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23405 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Procedure Call Runtime component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-21708 CVSS:9.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Procedure Call Runtime component. By a sending a specially crafted RPC call to an RPC host, an attacker could exploit this vulnerability to execute arbitrary code on the server side with the same permissions as the RPC service.
CVE-2023-23393 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Central Resource Manager component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23415 CVSS:9.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Internet Control Message Protocol (ICMP) component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23414 CVSS:7.1
Microsoft Windows could allow a remote attacker within the local network to execute arbitrary code on the system, caused by a flaw in the Point-to-Point Protocol over Ethernet (PPPoE). By persuading a victim to dial a PPPoE connection at the same time and winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24871 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Bluetooth Service. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23418 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Resilient File System (ReFS). By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23417 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Partition Management Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain limited SYSTEM privileges.
CVE-2023-23422 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-24872 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript and PCL6 Class Printer Driver. By sending a specially crafted XPS file to a shared printer, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24869 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Procedure Call Runtime. By sending a specially crafted RPC call to an RPC host, an attacker could exploit this vulnerability to execute arbitrary code on the server side with the same permissions as the RPC service.
CVE-2023-23388 CVSS:8.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Bluetooth Driver component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23406 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Microsoft
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.