March 15, 2023
Severity
High
Analysis Summary
CVE-2023-23410 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the HTTP.sys component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-24908 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Procedure Call Runtime. By sending a specially crafted RPC call to an RPC host, an attacker could exploit this vulnerability to execute arbitrary code on the server side with the same permissions as the RPC service.
CVE-2023-24868 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver. By sending a specially crafted XPS file to a shared printer, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23420 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-24907 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23421 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23403 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the PostScript and PCL6 Class Printer Driver. By sending a modified XPS file to a shared printer, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2023-23423 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23416 CVSS:8.4
Microsoft Windows could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the Cryptographic Services. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24876 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23401 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Media component. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24910 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics Component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23392 CVSS:9.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the HTTP Protocol Stack component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24861 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics component. By winning a race condition, an authenticated attacker could exploit this vulnerability to obtain limited SYSTEM privileges.
CVE-2023-24867 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24864 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the PostScript and PCL6 Class Printer Driver. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23413 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23402 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Media component. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23407 CVSS:7.1
Microsoft Windows could allow a remote attacker within the local network to execute arbitrary code on the system, caused by a flaw in the Point-to-Point Protocol over Ethernet (PPPoE). By persuading a victim to dial a PPPoE connection at the same time and winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24913 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver. By sending a specially crafted XPS file to a shared printer, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23400 CVSS:7.2
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the DNS Server component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23412 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Accounts Control component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23385 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Point-to-Point Protocol over Ethernet (PPPoE) component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23419 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Resilient File System (ReFS). By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23404 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Point-to-Point Tunneling Protocol. By winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23405 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Procedure Call Runtime component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-21708 CVSS:9.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Procedure Call Runtime component. By sending a specially crafted RPC call to an RPC host, an attacker could exploit this vulnerability to execute arbitrary code on the server side with the same permissions as the RPC service.
CVE-2023-23393 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Central Resource Manager component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23415 CVSS:9.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Internet Control Message Protocol (ICMP) component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23414 CVSS:7.1
Microsoft Windows could allow a remote attacker within the local network to execute arbitrary code on the system, caused by a flaw in the Point-to-Point Protocol over Ethernet (PPPoE). By persuading a victim to dial a PPPoE connection at the same time and winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24871 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Bluetooth Service. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23418 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Resilient File System (ReFS). By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23417 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Partition Management Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain limited SYSTEM privileges.
CVE-2023-23422 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-24872 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript and PCL6 Class Printer Driver. By sending a specially crafted XPS file to a shared printer, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24869 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Procedure Call Runtime. By sending a specially crafted RPC call to an RPC host, an attacker could exploit this vulnerability to execute arbitrary code on the server side with the same permissions as the RPC service.
CVE-2023-23388 CVSS:8.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Bluetooth Driver component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-23406 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the PostScript Printer Driver component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-23410
- CVE-2023-24908
- CVE-2023-24868
- CVE-2023-23420
- CVE-2023-24907
- CVE-2023-23421
- CVE-2023-23403
- CVE-2023-23423
- CVE-2023-23416
- CVE-2023-24876
- CVE-2023-23401
- CVE-2023-24910
- CVE-2023-23392
- CVE-2023-24861
- CVE-2023-24867
- CVE-2023-24864
- CVE-2023-23413
- CVE-2023-23402
- CVE-2023-23407
- CVE-2023-24913
- CVE-2023-23400
- CVE-2023-23412
- CVE-2023-23385
- CVE-2023-23419
- CVE-2023-23404
- CVE-2023-23405
- CVE-2023-21708
- CVE-2023-23393
- CVE-2023-23415
- CVE-2023-23414
- CVE-2023-24871
- CVE-2023-23418
- CVE-2023-23417
- CVE-2023-23422
- CVE-2023-24872
- CVE-2023-24869
- CVE-2023-23388
- CVE-2023-23406
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows 10 x64
- Microsoft Windows 10 x32
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows 10 1607 for 32-bit Systems
- Microsoft Windows 10 1607 for x64-based Systems
- Microsoft Windows 10 20H2 for 32-bit Systems
- Microsoft Windows 10 20H2 for ARM64-based Systems
- Microsoft Windows 10 20H2 for x64-based Systems
- Microsoft Windows Server (Server Core installation) 2019
- Microsoft Windows Server (Server Core installation) 2016
- Microsoft Windows Server (Server Core installation) 2012 R2
- Microsoft Windows Server (Server Core installation) 2012
- Microsoft Windows Server for x64-based Systems 2008 R2 SP1
- Microsoft Windows Server for x64-based Systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit Systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit Systems 2008 SP2
- Microsoft Windows Server for x64-based Systems (Server Core installation) 2008 R2 SP1
- Microsoft Windows Server 2022
- Microsoft Windows Server (Server Core installation) 2022
- Microsoft Windows Server for x64-based Systems 2008 SP2
- Microsoft Windows 10 21H2 for 32-bit Systems
- Microsoft Windows 10 21H2 for ARM64-based Systems
- Microsoft Windows 10 21H2 for x64-based Systems
- Microsoft Windows 11 22H2 for ARM64-based Systems
- Microsoft Windows 11 22H2 for x64-based Systems
- Microsoft Windows 10 22H2 for x64-based Systems
- Microsoft Windows 10 22H2 for 32-bit Systems
- Microsoft Windows 10 22H2 for ARM64-based Systems
- Microsoft Windows 11 21H2 for ARM64-based Systems
- Microsoft Windows 11 21H2 for x64-based Systems
- Microsoft Windows 10 21H1 for 32-bit Systems
- Microsoft Windows 10 21H1 for ARM64-based Systems
- Microsoft Windows Search 4.0
- Microsoft Windows Script Host 5.6
- Microsoft Windows 10 2004 for x64-based Systems
- Microsoft Windows 10 1909 for 32-bit Systems
- Microsoft Windows 10 1909 for x64-based Systems
- Microsoft Windows 10 1909 for ARM64-based Systems
- Microsoft Windows Server version 20H2
- Microsoft Windows Server (Server Core installation) 1909
- Microsoft Windows 11 ARM64
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.