Rewterz Threat Alert – AsyncRAT – Active IOCs
January 17, 2023Rewterz Threat Alert – Ekipa RAT – Active IOCs
January 18, 2023Rewterz Threat Alert – AsyncRAT – Active IOCs
January 17, 2023Rewterz Threat Alert – Ekipa RAT – Active IOCs
January 18, 2023Severity
High
Analysis Summary
CVE-2023-21563 CVSS:6.8
Microsoft Windows could allow a physical attacker to bypass security restrictions, cause by a flaw in BitLocker component. An attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality, integrity and availability.
CVE-2023-21536 CVSS:4.7
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Event Tracing for Windows component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information from Kernel memory and then use this information to launch further attacks against the affected system.
CVE-2023-21547 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Internet Key Exchange (IKE) Protocol. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-21724 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the DWM Core Library component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21537 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Message Queuing (MSMQ) component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21732 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the ODBC Driver. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-21681 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC OLE DB provider for SQL Server. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-21725 CVSS:6.3
Microsoft Windows Defender could allow a local authenticated attacker to gain elevated privileges on the system. By winning a race condition, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2023-21779 CVSS:7.3
Microsoft Visual Studio Code could allow a remote authenticated attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-21768 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Ancillary Function Driver for WinSock component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21525 CVSS:5.3
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Remote Procedure Call Runtime. A remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-21752 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Backup Service component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2022-41114 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Bind Filter Driver component. By winning a race condition, an authenticated attacker could exploit this vulnerability to gain administrative privileges.
CVE-2023-21739 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Bluetooth Driver component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21560 CVSS:6.6
Microsoft Windows could allow a physical authenticated attacker to bypass security restrictions, cause by a flaw in Boot Manager component. An attacker could exploit this vulnerability to bypass the BitLocker Device Encryption feature.
Impact
- Code Execution
- Privilege Escalation
- Denial of Service
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-21563
- CVE-2023-21536
- CVE-2023-21547
- CVE-2023-21724
- CVE-2023-21537
- CVE-2023-21732
- CVE-2023-21681
- CVE-2023-21725
- CVE-2023-21779
- CVE-2023-21768
- CVE-2023-21525
- CVE-2023-21752
- CVE-2022-41114
- CVE-2023-21739
- CVE-2023-21560
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows 7 SP1 x32
- Microsoft Windows 7 SP1 x64
- Microsoft Windows Server 2012
- Microsoft Windows 8.1 x32
- Microsoft Windows 8.1 x64
- Microsoft Windows Server 2012 R2
- Microsoft Windows RT 8.1
- Microsoft Windows 10 x32
- Microsoft Windows 10 x64
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows 10 1607 for 32-bit Systems
- Microsoft Windows 10 1607 for x64-based Systems
- Microsoft Windows 10 20H2 for 32-bit Systems
- Microsoft Windows 10 20H2 for ARM64-based Systems
- Microsoft Windows 10 20H2 for x64-based Systems
- Microsoft Windows Server (Server Core installation) 2019
- Microsoft Windows Server (Server Core installation) 2016
- Microsoft Windows Server (Server Core installation) 2012 R2
- Microsoft Windows Server (Server Core installation) 2012
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems 2008 SP2
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
- Microsoft Windows Server 2022Microsoft Windows Server (Server Core installation) 2022
- Microsoft Windows Server for X64-based systems 2008 SP2
- Microsoft Windows 10 21H2 for 32-bit Systems
- Microsoft Windows 10 21H2 for ARM64-based Systems
- Microsoft Windows 10 21H2 for x64-based Systems
- Microsoft Windows 11 22H2 for ARM64-based Systems
- Microsoft Windows 11 22H2 for x64-based Systems
- Microsoft Windows 10 22H2 for 32-bit Systems
- Microsoft Windows 10 22H2 for ARM64-based Systems
- Microsoft Windows 10 22H2 for x64-based Systems
- Microsoft Windows Server 2022 Datacenter: Azure Edition
- Microsoft Windows 11 21H2 for ARM64-based Systems
- Microsoft Windows 11 21H2 for x64-based Systems
- Microsoft Windows 10 21H1 for 32-bit Systems
- Microsoft Windows 10 21H1 for ARM64-based Systems
- Microsoft Windows 10 21H1 for x64-based Systems
- Microsoft Windows 11 x64Microsoft Windows 11 ARM64
- Microsoft Windows Server 2022 Azure Edition Core Hotpatch
- Microsoft Windows Server (Server Core installation) 22H2
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2
- Microsoft Malware Protection EngineMicrosoft Visual Studio Code
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.