Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 21, 2023Severity Medium Analysis Summary Rhadamanthys is a type of malware known as a stealer, which is designed to steal sensitive information from infected computers. It was […]March 21, 2023Severity High Analysis Summary The Mirai botnet is a type of malware that infects Internet of Things (IoT) devices, such as routers, security cameras, and other […]March 21, 2023Severity High Analysis Summary LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 21, 2023Severity Medium Analysis Summary Rhadamanthys is a type of malware known as a stealer, which is designed to steal sensitive information from infected computers. It was […]March 21, 2023Severity High Analysis Summary The Mirai botnet is a type of malware that infects Internet of Things (IoT) devices, such as routers, security cameras, and other […]March 21, 2023Severity High Analysis Summary LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – Multiple Oracle Fusion Middleware Vulnerabilities
January 23, 2023Rewterz Threat Alert – Conti Ransomware – Active IOCs
January 24, 2023
Severity
High
Analysis Summary
CVE-2023-21726 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Credential Manager User Interface component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21558 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Error Reporting Service component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21552 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the GDI component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2023-21532 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the GDI component. By winning a race condition, an authenticated attacker could exploit this vulnerability to gain System privileges.
CVE-2023-21542 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Installer component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21527 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the iSCSI Service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-21524 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Local Security Authority (LSA) component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to impersonate the group Managed Service Account.
CVE-2023-21771 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Local Session Manager (LSM) component. By winning a race condition, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21728 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Netlogon component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-21746 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the NTLM component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2022-41102 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Overlay Filter component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2023-21682 CVSS:5.3
Microsoft Windows could allow a remiote attacker to obtain sensitive information, caused by a flaw in the Point-to-Point Protocol (PPP) component. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain memory in the process heap and then use this information to launch further attacks against the affected system.
CVE-2023-21765 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21760 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21678 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21759 CVSS:3.3
Microsoft Windows could allow a local authenticated attacker to bypass security restrictions, cause by a flaw in Smart Card Resource Management Server component. An attacker could exploit this vulnerability to access data related to FIDO keys managed on a vulnerable system.
CVE-2023-21541 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Task Scheduler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2023-21680 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21539 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Authentication component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Privilege Escalation
- Information Disclosure
- Security Bypass
- Code Execution
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-21726
- CVE-2023-21558
- CVE-2023-21552
- CVE-2023-21532
- CVE-2023-21542
- CVE-2023-21527
- CVE-2023-21524
- CVE-2023-21771
- CVE-2023-21728
- CVE-2023-21746
- CVE-2022-41102
- CVE-2023-21682
- CVE-2023-21765
- CVE-2023-21760
- CVE-2023-21678
- CVE-2023-21759
- CVE-2023-21541
- CVE-2023-21680
- CVE-2023-21539
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows 7 SP1 x32
- Microsoft Windows 7 SP1 x64
- Microsoft Windows Server 2012
- Microsoft Windows 8.1 x32
- Microsoft Windows 8.1 x64
- Microsoft Windows Server 2012 R2
- Microsoft Windows RT 8.1Microsoft Windows 10 x32
- Microsoft Windows 10 x64Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows 10 1607 for 32-bit Systems
- Microsoft Windows 10 1607 for x64-based Systems
- Microsoft Windows 10 20H2 for 32-bit Systems
- Microsoft Windows 10 20H2 for ARM64-based Systems
- Microsoft Windows 10 20H2 for x64-based Systems
- Microsoft Windows Server (Server Core installation) 2019
- Microsoft Windows Server (Server Core installation) 2016
- Microsoft Windows Server (Server Core installation) 2012
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems 2008 SP2
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
- Microsoft Windows Server 2022Microsoft Windows Server (Server Core installation) 2022
- Microsoft Windows Server for X64-based systems 2008 SP2
- Microsoft Windows 10 21H2 for 32-bit Systems
- Microsoft Windows 10 21H2 for ARM64-based Systems
- Microsoft Windows 10 21H2 for x64-based Systems
- Microsoft Windows 11 22H2 for ARM64-based Systems
- Microsoft Windows 11 22H2 for x64-based Systems
- Microsoft Windows 10 22H2 for 32-bit Systems
- Microsoft Windows 10 22H2 for ARM64-based Systems
- Microsoft Windows 10 22H2 for x64-based Systems
- Microsoft Windows Server 2022 Datacenter: Azure EditionMicrosoft Windows 11 21H2 for ARM64-based Systems
- Microsoft Windows 11 21H2 for x64-based Systems
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2
- Microsoft Windows Server 2022 Azure Edition Core Hotpatch
- Microsoft Windows 10 21H1 for 32-bit Systems
- Microsoft Windows 10 21H1 for ARM64-based Systems
- Microsoft Windows 10 21H1 for x64-based Systems
- Microsoft Windows 11 x64Microsoft Windows 11 ARM64
- Microsoft Windows Server (Server Core installation) 22H2
- Microsoft Windows Server (Server Core installation) 2012 R2
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.