Report Name: Microsoft Patch Tuesday, December 2023
Generated: 2024-01-29 19:24:06
Product Name | Prevalence | Counts per level (Urgent, Critical, High, Medium, Low; empty levels omitted) | All | Comment
---|---|---|---|---
AMD Processor | 0.9 | 1 | 1 | Processor
Windows Kernel | 0.9 | 1, 1 | 2 | Windows Kernel
Windows Win32k | 0.9 | 2 | 2 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management.
Chromium | 0.8 | 1, 4, 8 | 13 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
Microsoft Defender | 0.8 | 1 | 1 | Anti-malware component of Microsoft Windows
Microsoft Edge | 0.8 | 2, 3 | 5 | Web browser
Microsoft PowerShell | 0.8 | 1 | 1 | PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language
Windows Ancillary Function Driver for WinSock | 0.8 | 1 | 1 | Windows component
Windows Bluetooth Driver | 0.8 | 1 | 1 | Windows component
Windows Cloud Files Mini Filter Driver | 0.8 | 1 | 1 | Windows component
Windows DNS | 0.8 | 1 | 1 | Windows component
Windows DPAPI (Data Protection Application Programming Interface) | 0.8 | 1 | 1 | Windows component
Windows MSHTML Platform | 0.8 | 1 | 1 | Windows component
Windows Media | 0.8 | 1 | 1 | Windows component
Windows Telephony Server | 0.8 | 1 | 1 | Windows component
Microsoft Outlook | 0.6 | 1 | 1 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites
Microsoft Word | 0.6 | 1 | 1 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product.
Azure Connected Machine Agent | 0.5 | 1 | 1 | Azure Connected Machine Agent
Azure Machine Learning Compute Instance for SDK Users | 0.5 | 1 | 1 | Azure Machine Learning Compute Instance for SDK Users
DHCP Server Service | 0.5 | 3 | 3 | DHCP Server Service
Dynamics 365 | 0.5 | 1 | 1 | Product detected by a:microsoft:dynamics_365 (exists in CPE dict)
Internet Connection Sharing (ICS) | 0.5 | 2, 1 | 3 | Internet Connection Sharing (ICS)
Local Security Authority Subsystem Service | 0.5 | 1 | 1 | Local Security Authority Subsystem Service
Microsoft Dynamics 365 Finance and Operations | 0.5 | 1 | 1 | Microsoft Dynamics 365 Finance and Operations
Microsoft ODBC Driver | 0.5 | 1 | 1 | Microsoft ODBC Driver
Microsoft Outlook for Mac | 0.5 | 1 | 1 | Microsoft Outlook for Mac
Microsoft Power Platform Connector | 0.5 | 1 | 1 | Microsoft Power Platform Connector
Microsoft USBHUB 3.0 Device Driver | 0.5 | 1 | 1 | Microsoft USBHUB 3.0 Device Driver
Microsoft WDAC OLE DB provider for SQL Server | 0.5 | 1 | 1 | Microsoft WDAC OLE DB provider for SQL Server
Windows 10 1809 | 0.5 | 1 | 1 | Product detected by o:microsoft:windows_10_1809 (exists in CPE dict)
XAML Diagnostics | 0.5 | 1 | 1 | XAML Diagnostics

Vulnerability Type | Criticality | Counts per level (Urgent, Critical, High, Medium, Low; empty levels omitted) | All
---|---|---|---
Remote Code Execution | 1.0 | 8, 1 | 9
Security Feature Bypass | 0.9 | 1 | 1
Elevation of Privilege | 0.85 | 6, 5 | 11
Information Disclosure | 0.83 | 1, 7 | 8
Cross Site Scripting | 0.8 | 1 | 1
Denial of Service | 0.7 | 5 | 5
Incorrect Calculation | 0.5 | 1, 1 | 2
Memory Corruption | 0.5 | 4, 6 | 10
Spoofing | 0.4 | 6 | 6

Source | Counts per level (Urgent, Critical, High, Medium, Low; empty levels omitted) | All
---|---|---
MS PT Extended | 1, 7, 11 | 19
Qualys | 7, 6 | 13
Tenable | 3, 3 | 6
Rapid7 | 3, 1 | 4
ZDI | 1, 2 | 3

1. Incorrect Calculation - Chromium (CVE-2023-6345) - Critical [663]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), AttackerKB, NVD:CISAKEV websites |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 0.5 | 15 | Incorrect Calculation |
Product prevalence | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.6. According to NVD data source |
EPSS | 0.9 | 10 | EPSS Probability is 0.04266, EPSS Percentile is 0.91458 |
MS PT Extended: CVE-2023-6345 was published before the December 2023 Patch Tuesday, within the extended window 2023-11-15 to 2023-12-11
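The bracketed score after each CVE is a weighted combination of the six component rows. The Python below is an added example, not part of this report or of the generator's own code; it recomputes the scores from the values printed here. The formula (weighted mean of the component values scaled to 0..1000 and truncated), the round-half-up mapping of CVSS and EPSS onto 0..1, and the truncation are all inferred from the page's own numbers rather than taken from the tool's source: they reproduce every printed score checked, including 663 for CVE-2023-6345 and 427 for CVE-2023-36005 (whose exact value, 427.98, would print as 428 if rounded).

```python
from decimal import Decimal, ROUND_HALF_UP
from fractions import Fraction

# Component weights exactly as printed in the report's per-CVE tables.
WEIGHTS = {
    "exploited_in_the_wild": 18,
    "public_exploit": 17,
    "vuln_type_criticality": 15,
    "product_prevalence": 14,
    "cvss_base_score": 10,
    "epss_percentile": 10,
}


def _tenth(value: Decimal) -> Fraction:
    """Round to the nearest 0.1, half up. Assumption inferred from the report:
    CVSS 7.5 is printed as component 0.8, EPSS percentile 0.85379 as 0.9."""
    return Fraction(value.quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def cvss_component(base_score: str) -> Fraction:
    """CVSS base score (0..10) mapped onto 0..1, e.g. "9.6" -> 1.0, "8.8" -> 0.9."""
    return _tenth(Decimal(base_score) / Decimal(10))


def epss_component(percentile: str) -> Fraction:
    """EPSS percentile (0..1) mapped onto 0..1, e.g. "0.91458" -> 0.9."""
    return _tenth(Decimal(percentile))


def report_score(components: dict) -> int:
    """Weighted mean of the six component values, scaled to 0..1000 and truncated.
    Truncation (not rounding) is inferred from CVE-2023-36005: 427.98 prints as 427."""
    numerator = sum(Fraction(str(components[name])) * weight
                    for name, weight in WEIGHTS.items())
    return int(numerator * 1000 / sum(WEIGHTS.values()))


def score_from_report_row(exploited, public_exploit, type_criticality,
                          prevalence, cvss_base, epss_percentile) -> int:
    """Take the six inputs the way the report prints them and return the score."""
    return report_score({
        "exploited_in_the_wild": exploited,
        "public_exploit": public_exploit,
        "vuln_type_criticality": type_criticality,
        "product_prevalence": prevalence,
        "cvss_base_score": cvss_component(cvss_base),
        "epss_percentile": epss_component(epss_percentile),
    })


# Rows copied from this report:
# (CVE, exploited, public exploit, type criticality, prevalence, CVSS, EPSS percentile, printed score)
REPORT_ROWS = [
    ("CVE-2023-6345", 1.0, 0, 0.5, 0.8, "9.6", "0.91458", 663),
    ("CVE-2023-36003", 0, 1.0, 0.85, 0.5, "6.7", "0.52881", 580),
    ("CVE-2023-35628", 0, 0, 1.0, 0.8, "8.1", "0.73334", 490),
    ("CVE-2023-36005", 0, 0, 0.85, 0.8, "7.5", "0.44091", 427),
    ("CVE-2023-35632", 0, 0, 0.85, 0.8, "7.8", "0.14272", 392),
]


def check_against_report() -> list:
    """Recompute every row; return (CVE, computed, printed) for any that disagree."""
    mismatches = []
    for cve, *row, printed in REPORT_ROWS:
        computed = score_from_report_row(*row)
        if computed != printed:
            mismatches.append((cve, computed, printed))
    return mismatches


if __name__ == "__main__":
    for cve, *row, printed in REPORT_ROWS:
        print(cve, score_from_report_row(*row), "printed as", printed)
    print("mismatches:", check_against_report())
```

Because "exploited in the wild" and "public exploit" together carry 35 of the 84 weight points, a CVE with a mediocre CVSS score but a known public exploit (CVE-2023-36003, CVSS 6.7) lands well above several CVSS 8.8 RCEs in this ranking; the arithmetic above makes that trade-off explicit.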
2. Elevation of Privilege - XAML Diagnostics (CVE-2023-36003) - High [580]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Vulnerability in Microsoft, [githubexploit] Exploit for Vulnerability in Microsoft) |
Vulnerability type criticality | 0.85 | 15 | Elevation of Privilege |
Product prevalence | 0.5 | 14 | XAML Diagnostics |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source |
EPSS | 0.5 | 10 | EPSS Probability is 0.00162, EPSS Percentile is 0.52881 |
3. Remote Code Execution - Windows MSHTML Platform (CVE-2023-35628) - High [490]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 1.0 | 15 | Remote Code Execution |
Product prevalence | 0.8 | 14 | Windows component |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source |
EPSS | 0.7 | 10 | EPSS Probability is 0.00479, EPSS Percentile is 0.73334 |
Qualys (CVE-2023-35628: Windows MSHTML Platform Remote Code Execution Vulnerability): Windows MSHTML is a browser engine that renders web pages, frequently connected to Internet Explorer. Even though the Internet Explorer (IE) 11 desktop application has reached the end of support, MSHTML vulnerabilities are still relevant today and are being patched by Microsoft. An attacker may exploit the vulnerability by sending a specially crafted email, which triggers when it is retrieved and processed by the Outlook client. The vulnerability can be exploited even BEFORE the email is viewed in the Preview Pane. An attacker may use complex memory-shaping techniques to attack affected instances.
Tenable: CVE-2023-35628 | Windows MSHTML Platform Remote Code Execution Vulnerability
Tenable: CVE-2023-35628 is a RCE vulnerability affecting the Windows MSHTML platform. The vulnerability was assigned a CVSSv3 score of 8.1 and is rated as “Exploitation More Likely.” According to Microsoft, an attacker could exploit this vulnerability by sending a specifically crafted email which will automatically be processed when it is retrieved by Microsoft Outlook. Exploitation occurs before the email is viewed in the Preview Pane. While this is a critical vulnerability, Microsoft does note that successful exploitation would require the attacker to use “complex memory shaping techniques,” which may limit the successful use of this vulnerability to very skilled attackers.
Rapid7: CVE-2023-35628 describes a critical RCE vulnerability in the MSHTML proprietary browser engine still used by Outlook, among others, to render HTML content. Of particular note: the most concerning exploitation scenario leads to exploitation as soon as Outlook retrieves and processes the specially crafted malicious email. This means that exploitation could occur before the user interacts with the email in any way; not even the Preview Pane is required in this scenario. Other attack vectors exist: the user could also click a malicious link received via email, instant message, or other medium. Assets where Internet Explorer 11 has been fully disabled are still vulnerable until patched; the MSHTML engine remains installed within Windows regardless of the status of IE11.
ZDI: CVE-2023-35628 – Windows MSHTML Platform Remote Code Execution Vulnerability. This patch corrects a bug that could allow a remote, unauthenticated attacker to execute arbitrary code on affected systems just by sending a specially crafted e-mail to the target. This usually means the Preview Pane is an attack vector, but that’s not the case here. Instead, the code execution occurs when Outlook retrieves and processes the mail, which occurs BEFORE the Preview Pane. No doubt ransomware gangs will attempt to create a reliable exploit for this vulnerability. They may run into some problems as exploitation does require memory-shaping techniques.
4. Remote Code Execution - Microsoft ODBC Driver (CVE-2023-35639) - High [476]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 1.0 | 15 | Remote Code Execution |
Product prevalence | 0.5 | 14 | Microsoft ODBC Driver |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source |
EPSS | 0.9 | 10 | EPSS Probability is 0.01462, EPSS Percentile is 0.85379 |
5. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2023-36006) - High [476]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 1.0 | 15 | Remote Code Execution |
Product prevalence | 0.5 | 14 | Microsoft WDAC OLE DB provider for SQL Server |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source |
EPSS | 0.9 | 10 | EPSS Probability is 0.01462, EPSS Percentile is 0.85379 |
6. Remote Code Execution - Windows Bluetooth Driver (CVE-2023-35634) - High [454]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 1.0 | 15 | Remote Code Execution |
Product prevalence | 0.8 | 14 | Windows component |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source |
EPSS | 0.4 | 10 | EPSS Probability is 0.00113, EPSS Percentile is 0.44743 |
7. Remote Code Execution - Windows Media (CVE-2023-21740) - High [454]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 1.0 | 15 | Remote Code Execution |
Product prevalence | 0.8 | 14 | Windows component |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
EPSS | 0.4 | 10 | EPSS Probability is 0.00113, EPSS Percentile is 0.44743 |
8. Elevation of Privilege - Microsoft Edge (CVE-2023-35618) - High [451]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 0.85 | 15 | Elevation of Privilege |
Product prevalence | 0.8 | 14 | Web browser |
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.6. According to Microsoft data source |
EPSS | 0.4 | 10 | EPSS Probability is 0.00106, EPSS Percentile is 0.42711 |
MS PT Extended: CVE-2023-35618 was published before the December 2023 Patch Tuesday, within the extended window 2023-11-15 to 2023-12-11
9. Elevation of Privilege - Windows Kernel (CVE-2023-35633) - High [444]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 0.85 | 15 | Elevation of Privilege |
Product prevalence | 0.9 | 14 | Windows Kernel |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
EPSS | 0.4 | 10 | EPSS Probability is 0.00097, EPSS Percentile is 0.40136 |
Qualys (Other Microsoft Vulnerability Highlights): CVE-2023-35633 is an elevation of privilege vulnerability in Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35632 is an elevation of privilege vulnerability in Windows Ancillary Function Driver (AFD) for Winsock. The driver connects a computer to the internet. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2023-36011 and CVE-2023-35631 are elevation of privilege vulnerabilities in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35644 is an elevation of privilege vulnerability in Windows Sysmain Service. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-36005 is an elevation of privilege vulnerability in Windows Telephony Server. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to execute code in the security context of the “NT AUTHORITY\Network Service” account. CVE-2023-36391 is an elevation of privilege vulnerability in the Local Security Authority Subsystem Service. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-36696 is an elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
10. Remote Code Execution - Microsoft Edge (CVE-2023-36008) - High [430]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 1.0 | 15 | Remote Code Execution |
Product prevalence | 0.8 | 14 | Web browser |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source |
EPSS | 0.3 | 10 | EPSS Probability is 0.00077, EPSS Percentile is 0.31705 |
MS PT Extended: CVE-2023-36008 was published before the December 2023 Patch Tuesday, within the extended window 2023-11-15 to 2023-12-11
11. Elevation of Privilege - Windows Telephony Server (CVE-2023-36005) - High [427]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 0.85 | 15 | Elevation of Privilege |
Product prevalence | 0.8 | 14 | Windows component |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source |
EPSS | 0.4 | 10 | EPSS Probability is 0.00111, EPSS Percentile is 0.44091 |
Qualys: CVE-2023-36005 is an elevation of privilege vulnerability in Windows Telephony Server. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to execute code in the security context of the “NT AUTHORITY\Network Service” account. (Excerpt from the “Other Microsoft Vulnerability Highlights” note quoted in full under item 9, CVE-2023-35633.)
12. Remote Code Execution - Internet Connection Sharing (ICS) (CVE-2023-35630) - High [416]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 1.0 | 15 | Remote Code Execution |
Product prevalence | 0.5 | 14 | Internet Connection Sharing (ICS) |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source |
EPSS | 0.4 | 10 | EPSS Probability is 0.00113, EPSS Percentile is 0.44743 |
Qualys (CVE-2023-35630: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability): Internet Connection Sharing (ICS) is a Windows service that enables one Internet-connected computer to share its Internet connection with other computers on a local area network (LAN). An attacker can only attack systems connected to the same network segment as them. Attacks cannot be carried out across multiple networks (such as a WAN). To exploit this vulnerability, an attacker must modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message.
Tenable: CVE-2023-35641 and CVE-2023-35630 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Tenable: CVE-2023-35641 and CVE-2023-35630 are RCE vulnerabilities affecting the Internet Connection Sharing service in Windows, a service that allows an internet connected device to share its connection with other devices on a local area network. Both vulnerabilities were assigned CVSSv3 scores of 8.8 and a maximum severity rating of critical.
Tenable: Exploitation of CVE-2023-35641, which Microsoft rated as “Exploitation More Likely,” can be achieved by sending a specially crafted DHCP message to a server running the ICS service. Exploitation of CVE-2023-35630, which Microsoft rated as “Exploitation Less Likely,” requires an attacker to modify the length field in a DHCPv6 message. Both of these vulnerabilities are credited to researchers at Kunlun Lab and an anonymous researcher.
Rapid7: This month also brings patches for a pair of critical RCE vulnerabilities in Internet Connection Sharing. CVE-2023-35630 and CVE-2023-35641 share a number of similarities: a base CVSS v3.1 score of 8.8, Microsoft critical severity ranking, low attack complexity, and presumably execution in SYSTEM context on the target machine, although the advisories do not specify execution context. Description of the exploitation method does differ between the two, however.
Rapid7: CVE-2023-35630 requires the attacker to modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message. Exploitation of CVE-2023-35641 is also via a maliciously crafted DHCP message to an ICS server, but the advisory gives no further clues.
13. Remote Code Execution - Internet Connection Sharing (ICS) (CVE-2023-35641) - High [416]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 1.0 | 15 | Remote Code Execution |
Product prevalence | 0.5 | 14 | Internet Connection Sharing (ICS) |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source |
EPSS | 0.4 | 10 | EPSS Probability is 0.00113, EPSS Percentile is 0.44743 |
Qualys (CVE-2023-35641: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability): An attacker can only attack systems connected to the same network segment as them. Attacks cannot be carried out across multiple networks (for example, a WAN). An attacker may exploit this vulnerability by sending a specially crafted DHCP message to a server that runs the Internet Connection Sharing service.
Tenable: Exploitation of CVE-2023-35641, which Microsoft rated as “Exploitation More Likely,” can be achieved by sending a specially crafted DHCP message to a server running the ICS service. Both of these vulnerabilities are credited to researchers at Kunlun Lab and an anonymous researcher. (Excerpt; the full Tenable commentary on the CVE-2023-35641/CVE-2023-35630 pair is quoted under item 12, CVE-2023-35630.)
Rapid7: Exploitation of CVE-2023-35641 is also via a maliciously crafted DHCP message to an ICS server, but the advisory gives no further clues. (Excerpt; the full Rapid7 commentary on the pair is quoted under item 12, CVE-2023-35630.)
Rapid7: A broadly similar ICS vulnerability in September 2023 led to RCE in a SYSTEM context on the ICS server. In all three cases, a mitigating factor is the requirement for the attack to be launched from the same network segment as the ICS server. It seems improbable that either of this month’s ICS vulnerabilities are exploitable against a target on which ICS is not running; Microsoft did not explicitly deny the possibility, but a subsequent update to the advisory for CVE-2023-35641 does clarify that exploitation requires that ICS is enabled.
Rapid7: 2023-12-14: Microsoft updated the advisory for CVE-2023-35641 to confirm that ICS must be enabled for exploitation to be possible.
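Items 12 and 13 both come down to how an ICS server handles attacker-supplied DHCP option headers, and the Qualys and Rapid7 notes on CVE-2023-35630 name the field: the option length in a DHCPv6 Information-Request. The Python below is an added illustration and is not ICS code, the patched code, or a claim about where the Windows implementation mishandles the field; it shows the bounds check such a parser has to apply to every option-len before trusting it. Message-type and option-code constants follow RFC 8415, and both sample messages are constructed here.

```python
import struct

# DHCPv6 values from RFC 8415 used by this example.
MSG_INFORMATION_REQUEST = 11
OPTION_CLIENTID = 1
OPTION_ORO = 6


class MalformedDhcpv6(ValueError):
    """Raised when a message's option headers do not fit the bytes received."""


def parse_dhcpv6_options(message: bytes):
    """Parse a client-to-server DHCPv6 message: 1-byte msg-type, 3-byte
    transaction-id, then TLV options (2-byte code, 2-byte length, data).
    Returns (msg_type, [(option_code, option_data), ...]).

    The attacker controls every option-len on the wire, so it is compared with
    the bytes actually remaining before any slice is taken."""
    if len(message) < 4:
        raise MalformedDhcpv6("message shorter than the fixed 4-byte header")
    msg_type = message[0]
    options = []
    offset = 4
    while offset < len(message):
        if len(message) - offset < 4:
            raise MalformedDhcpv6(f"truncated option header at offset {offset}")
        code, length = struct.unpack_from("!HH", message, offset)
        offset += 4
        remaining = len(message) - offset
        if length > remaining:
            raise MalformedDhcpv6(
                f"option {code} declares {length} bytes but only {remaining} remain")
        options.append((code, message[offset:offset + length]))
        offset += length
    return msg_type, options


def build_information_request(transaction_id: bytes, options) -> bytes:
    """Assemble a well-formed Information-Request from (code, data) pairs."""
    body = b"".join(struct.pack("!HH", code, len(data)) + data for code, data in options)
    return bytes([MSG_INFORMATION_REQUEST]) + transaction_id + body


# Constructed sample: a DUID-LL client identifier (type 3, hw type 1, 6-byte MAC)
# and an Option Request asking for DNS servers (option 23).
GOOD_REQUEST = build_information_request(
    b"\x12\x34\x56",
    [(OPTION_CLIENTID, b"\x00\x03\x00\x01\x02\x00\x00\x00\x00\x01"),
     (OPTION_ORO, b"\x00\x17")],
)

# Constructed sample: the same bytes with the client-id option-len (offset 6..7)
# overwritten with 0xFFFF, i.e. a length far beyond the end of the datagram.
BAD_REQUEST = GOOD_REQUEST[:6] + b"\xff\xff" + GOOD_REQUEST[8:]


def demo() -> dict:
    """Parse both samples and report what a hardened parser does with each."""
    msg_type, opts = parse_dhcpv6_options(GOOD_REQUEST)
    result = {"good_type": msg_type, "good_codes": [code for code, _ in opts]}
    try:
        parse_dhcpv6_options(BAD_REQUEST)
        result["bad_rejected"] = False
    except MalformedDhcpv6 as exc:
        result["bad_rejected"] = True
        result["reason"] = str(exc)
    return result


if __name__ == "__main__":
    print(demo())
```

The length check is the whole point: a parser that copies `length` bytes on the strength of the header alone reads (or, in native code, writes) past the received datagram. Python slicing silently clamps an oversized slice, which is exactly why the explicit comparison is kept rather than relying on the language to save you.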
14. Elevation of Privilege - Windows Win32k (CVE-2023-35631) - High [408]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 0.85 | 15 | Elevation of Privilege |
Product prevalence | 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
EPSS | 0.1 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.14272 |
Qualys: CVE-2023-36011 and CVE-2023-35631 are elevation of privilege vulnerabilities in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. (Excerpt from the “Other Microsoft Vulnerability Highlights” note quoted in full under item 9, CVE-2023-35633.)
15. Elevation of Privilege - Windows Win32k (CVE-2023-36011) - High [408]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 0.85 | 15 | Elevation of Privilege |
Product prevalence | 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
EPSS | 0.1 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.14272 |
Qualys: CVE-2023-36011 and CVE-2023-35631 are elevation of privilege vulnerabilities in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. (Excerpt from the “Other Microsoft Vulnerability Highlights” note quoted in full under item 9, CVE-2023-35633.)
16. Memory Corruption - Chromium (CVE-2023-5997) - High [401]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 0.5 | 15 | Memory Corruption |
Product prevalence | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
EPSS | 0.6 | 10 | EPSS Probability is 0.0018, EPSS Percentile is 0.55365 |
MS PT Extended: CVE-2023-5997 was published before the December 2023 Patch Tuesday, within the extended window 2023-11-15 to 2023-12-11
17. Memory Corruption - Chromium (CVE-2023-6112) - High [401]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 0.5 | 15 | Memory Corruption |
Product prevalence | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
EPSS | 0.6 | 10 | EPSS Probability is 0.0018, EPSS Percentile is 0.55365 |
MS PT Extended: CVE-2023-6112 was published before the December 2023 Patch Tuesday, within the extended window 2023-11-15 to 2023-12-11
18. Memory Corruption - Chromium (CVE-2023-6346) - High [401]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 0.5 | 15 | Memory Corruption |
Product prevalence | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
EPSS | 0.6 | 10 | EPSS Probability is 0.00208, EPSS Percentile is 0.58793 |
MS PT Extended: CVE-2023-6346 was published before the December 2023 Patch Tuesday, within the extended window 2023-11-15 to 2023-12-11
19. Memory Corruption - Chromium (CVE-2023-6348) - High [401]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 0.5 | 15 | Memory Corruption |
Product prevalence | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
EPSS | 0.6 | 10 | EPSS Probability is 0.00229, EPSS Percentile is 0.61115 |
MS PT Extended: CVE-2023-6348 was published before the December 2023 Patch Tuesday, within the extended window 2023-11-15 to 2023-12-11
20. Information Disclosure - Microsoft PowerShell (CVE-2023-36013) - High [400]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 0.83 | 15 | Information Disclosure |
Product prevalence | 0.8 | 14 | PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source |
EPSS | 0.3 | 10 | EPSS Probability is 0.00069, EPSS Percentile is 0.28605 |
MS PT Extended: CVE-2023-36013 was published before the December 2023 Patch Tuesday, within the extended window 2023-11-15 to 2023-12-11
21. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2023-35632) - Medium [392]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public exploit | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Vulnerability type criticality | 0.85 | 15 | Elevation of Privilege |
Product prevalence | 0.8 | 14 | Windows component |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
EPSS | 0.1 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.14272 |
Qualys: CVE-2023-35632 is an elevation of privilege vulnerability in Windows Ancillary Function Driver (AFD) for Winsock. The driver connects a computer to the internet. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. (Excerpt from the “Other Microsoft Vulnerability Highlights” note quoted in full under item 9, CVE-2023-35633.)
22. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2023-36696) - Medium [392]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.8 | 14 | Windows component |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
EPSS Percentile | 0.1 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.14272 |
Qualys: CVE-2023-36696 is an elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Tenable: CVE-2023-36696 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Tenable: CVE-2023-36696 is an EoP vulnerability in the Microsoft Windows Cloud Files Mini Filter Driver (cldflt.sys). It was assigned a CVSSv3 score of 7.8 and is rated as important and “Exploitation More Likely.” An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM.
23. Remote Code Execution - Microsoft USBHUB 3.0 Device Driver (CVE-2023-35629) - Medium [392]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.5 | 14 | Microsoft USBHUB 3.0 Device Driver |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source |
EPSS Percentile | 0.4 | 10 | EPSS Probability is 0.00113, EPSS Percentile is 0.44743 |
24. Denial of Service - Microsoft Defender (CVE-2023-36010) - Medium [389]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0.8 | 14 | Anti-malware component of Microsoft Windows |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source |
EPSS Percentile | 0.3 | 10 | EPSS Probability is 0.00069, EPSS Percentile is 0.28482 |
25. Memory Corruption - Chromium (CVE-2023-6347) - Medium [389]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
EPSS Percentile | 0.5 | 10 | EPSS Probability is 0.00175, EPSS Percentile is 0.54729 |
MS PT Extended: CVE-2023-6347 was published before the December 2023 Patch Tuesday, in the 2023-11-15 to 2023-12-11 window
26. Memory Corruption - Chromium (CVE-2023-6350) - Medium [389]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
EPSS Percentile | 0.5 | 10 | EPSS Probability is 0.00175, EPSS Percentile is 0.54769 |
MS PT Extended: CVE-2023-6350 was published before the December 2023 Patch Tuesday, in the 2023-11-15 to 2023-12-11 window
27. Memory Corruption - Chromium (CVE-2023-6351) - Medium [389]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
EPSS Percentile | 0.5 | 10 | EPSS Probability is 0.00175, EPSS Percentile is 0.54769 |
MS PT Extended: CVE-2023-6351 was published before the December 2023 Patch Tuesday, in the 2023-11-15 to 2023-12-11 window
28. Memory Corruption - Chromium (CVE-2023-6508) - Medium [389]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
EPSS Percentile | 0.5 | 10 | EPSS Probability is 0.00127, EPSS Percentile is 0.47292 |
MS PT Extended: CVE-2023-6508 was published before the December 2023 Patch Tuesday, in the 2023-11-15 to 2023-12-11 window
29. Memory Corruption - Chromium (CVE-2023-6509) - Medium [389]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
EPSS Percentile | 0.5 | 10 | EPSS Probability is 0.00127, EPSS Percentile is 0.47292 |
MS PT Extended: CVE-2023-6509 was published before the December 2023 Patch Tuesday, in the 2023-11-15 to 2023-12-11 window
30. Memory Corruption - Chromium (CVE-2023-6510) - Medium [389]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
EPSS Percentile | 0.5 | 10 | EPSS Probability is 0.00127, EPSS Percentile is 0.47292 |
MS PT Extended: CVE-2023-6510 was published before the December 2023 Patch Tuesday, in the 2023-11-15 to 2023-12-11 window
31. Security Feature Bypass - Chromium (CVE-2023-6511) - Medium [389]
Description: Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source |
EPSS Percentile | 0.4 | 10 | EPSS Probability is 0.00108, EPSS Percentile is 0.43449 |
MS PT Extended: CVE-2023-6511 was published before the December 2023 Patch Tuesday, in the 2023-11-15 to 2023-12-11 window
32. Information Disclosure - Microsoft Outlook (CVE-2023-35636) - Medium [379]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.6 | 14 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source |
EPSS Percentile | 0.4 | 10 | EPSS Probability is 0.00106, EPSS Percentile is 0.42684 |
ZDI: CVE-2023-35636 – Microsoft Outlook Information Disclosure Vulnerability. This Outlook bug does not have a Preview Pane attack vector. However, if exploited, the vulnerability allows the disclosure of NTLM hashes. These hashes could be used to spoof other users and gain further access within an enterprise. Earlier this year, Microsoft called a similar bug Elevation of Privilege (EoP) rather than Info Disclosure. Regardless of how you categorize it, threat actors find these types of bugs enticing and use them frequently.
33. Information Disclosure - Microsoft Edge (CVE-2023-36880) - Medium [376]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.8 | 14 | Web browser |
CVSS Base Score | 0.5 | 10 | CVSS Base Score is 4.8. According to Microsoft data source |
EPSS Percentile | 0.3 | 10 | EPSS Probability is 0.00063, EPSS Percentile is 0.25172 |
MS PT Extended: CVE-2023-36880 was published before the December 2023 Patch Tuesday, in the 2023-11-15 to 2023-12-11 window
34. Information Disclosure - DHCP Server Service (CVE-2023-35643) - Medium [374]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.5 | 14 | DHCP Server Service |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source |
EPSS Percentile | 0.4 | 10 | EPSS Probability is 0.00114, EPSS Percentile is 0.44855 |
35. Denial of Service - Windows Kernel (CVE-2023-35635) - Medium [370]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0.9 | 14 | Windows Kernel |
CVSS Base Score | 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source |
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00058, EPSS Percentile is 0.22655 |
36. Information Disclosure - Microsoft Edge (CVE-2023-38174) - Medium [364]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.8 | 14 | Web browser |
CVSS Base Score | 0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source |
EPSS Percentile | 0.3 | 10 | EPSS Probability is 0.00063, EPSS Percentile is 0.25172 |
MS PT Extended: CVE-2023-38174 was published before the December 2023 Patch Tuesday, in the 2023-11-15 to 2023-12-11 window
37. Spoofing - Windows DPAPI (Data Protection Application Programming Interface) (CVE-2023-36004) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.8 | 14 | Windows component |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source |
EPSS Percentile | 0.4 | 10 | EPSS Probability is 0.00091, EPSS Percentile is 0.38131 |
38. Cross Site Scripting - Dynamics 365 (CVE-2023-36020) - Medium [345]
Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.8 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.5 | 14 | Product detected by a:microsoft:dynamics_365 (exists in CPE dict) |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.6. According to Microsoft data source |
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.1592 |
39. Information Disclosure - Microsoft Word (CVE-2023-36009) - Medium [343]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. |
CVSS Base Score | 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source |
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.18086 |
40. Elevation of Privilege - Azure Connected Machine Agent (CVE-2023-35624) - Medium [342]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.5 | 14 | Azure Connected Machine Agent |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source |
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.185 |
41. Elevation of Privilege - Local Security Authority Subsystem Service (CVE-2023-36391) - Medium [342]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.5 | 14 | Local Security Authority Subsystem Service |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
EPSS Percentile | 0.1 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.14272 |
Qualys: CVE-2023-36391 is an elevation of privilege vulnerability in the Local Security Authority Subsystem Service. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
42. Elevation of Privilege - Windows 10 1809 (CVE-2023-35644) - Medium [342]
Description: Windows Sysmain Service
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.5 | 14 | Product detected by o:microsoft:windows_10_1809 (exists in CPE dict) |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
EPSS Percentile | 0.1 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.14272 |
Qualys: CVE-2023-35644 is an elevation of privilege vulnerability in Windows Sysmain Service. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
43. Denial of Service - DHCP Server Service (CVE-2023-35638) - Medium [339]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0.5 | 14 | DHCP Server Service |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source |
EPSS Percentile | 0.3 | 10 | EPSS Probability is 0.00069, EPSS Percentile is 0.28482 |
44. Denial of Service - Microsoft Dynamics 365 Finance and Operations (CVE-2023-35621) - Medium [339]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0.5 | 14 | Microsoft Dynamics 365 Finance and Operations |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source |
EPSS Percentile | 0.3 | 10 | EPSS Probability is 0.00069, EPSS Percentile is 0.28482 |
45. Spoofing - Chromium (CVE-2023-6512) - Medium [335]
Description: Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source |
EPSS Percentile | 0.4 | 10 | EPSS Probability is 0.00086, EPSS Percentile is 0.35836 |
MS PT Extended: CVE-2023-6512 was published before the December 2023 Patch Tuesday, in the 2023-11-15 to 2023-12-11 window
46. Spoofing - Windows DNS (CVE-2023-35622) - Medium [335]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.8 | 14 | Windows component |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source |
EPSS Percentile | 0.3 | 10 | EPSS Probability is 0.00073, EPSS Percentile is 0.30009 |
47. Information Disclosure - DHCP Server Service (CVE-2023-36012) - Medium [326]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.5 | 14 | DHCP Server Service |
CVSS Base Score | 0.5 | 10 | CVSS Base Score is 5.3. According to Microsoft data source |
EPSS Percentile | 0.3 | 10 | EPSS Probability is 0.00063, EPSS Percentile is 0.25172 |
48. Incorrect Calculation - AMD Processor (CVE-2023-20588) - Medium [322]
Description: AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice. A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.5 | 15 | Incorrect Calculation |
Vulnerable Product is Common | 0.9 | 14 | Processor |
CVSS Base Score | 0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
EPSS Percentile | 0.1 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.1422 |
Qualys: AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice The vulnerability was first discovered in August 2023. As per AMD Security Bulletin, “This is a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality.” Microsoft has addressed the flaw in the Security Update Guide because the latest builds of Windows enable mitigation and provide protection against the vulnerability.
Tenable: Microsoft patched 33 CVEs in its December 2023 Patch Tuesday release, with four rated critical and 29 rated as important. Our count omitted CVE-2023-20588, a CVE assigned by AMD to address speculative leaks in some AMD processors. A separate advisory from AMD is available with more information on the vulnerability.
Rapid7: This month’s lone zero-day vulnerability is CVE-2023-20588, which describes a potential information disclosure due to a flaw in certain AMD processor models as listed on the AMD advisory. AMD states that a divide-by-zero on these processor models could potentially return speculative data. AMD believes the potential impact of the vulnerability is low since local access is required; however, Microsoft ranks severity as important under its own proprietary severity scale. The vulnerability is patched at the OS level in all supported versions of Windows, even as far back as Windows Server 2008 for Azure-hosted assets participating in the Extended Security Update (ESU) program.
49. Denial of Service - Internet Connection Sharing (ICS) (CVE-2023-35642) - Medium [315]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0.5 | 14 | Internet Connection Sharing (ICS) |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source |
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00059, EPSS Percentile is 0.22985 |
50. Spoofing - Microsoft Power Platform Connector (CVE-2023-36019) - Medium [309]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.5 | 14 | Microsoft Power Platform Connector |
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.6. According to Microsoft data source |
EPSS Percentile | 0.3 | 10 | EPSS Probability is 0.00073, EPSS Percentile is 0.30009 |
Qualys: CVE-2023-36019: Microsoft Power Platform Connector Spoofing Vulnerability Microsoft Power Platform connector is a proxy or wrapper around an API that allows users to communicate with the underlying service of Microsoft Power Automate, Microsoft Power Apps, and Azure Logic Apps. It enables users to link their accounts and create apps and processes using a library of prebuilt actions and triggers. To exploit the vulnerability, an attacker must convince a user to click on a specially crafted URL that can be compromised by the attacker.
Tenable: Microsoft’s December 2023 Patch Tuesday Addresses 33 CVEs (CVE-2023-36019)
Tenable: CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability
Tenable: CVE-2023-36019 is a spoofing vulnerability in the Microsoft Power Platform Connector. It was assigned a CVSSv3 score of 9.6 and is rated “Exploitation Less Likely” according to Microsoft’s Exploitability Index. This vulnerability relates to custom connectors, specifically the per-connector redirect URI. Microsoft says that an attacker could exploit this vulnerability to spoof a legitimate link or file to direct a victim to a malicious link or application.
Tenable: CVE-2023-36019 shares some similarities in areas of research into Microsoft Power Platform conducted by researchers here at Tenable. In July, Tenable Research disclosed a vulnerability allowing unauthorized access to cross-tenant applications in Microsoft Power Platform. The issue was reported to Microsoft, who implemented solutions to address the issue. Additional vulnerabilities affecting Microsoft Power Apps were also reported to Microsoft earlier this year, including stored cross-site scripting (XSS) and multiple input-validation vulnerabilities. For more information on vulnerabilities discovered by Tenable, please review our Tenable Research Advisories.
ZDI: CVE-2023-36019 – Microsoft Power Platform Connector Spoofing Vulnerability. This is the highest-rated CVSS this month at 9.6 and acts more like a code execution bug than a spoofing bug. The vulnerability exists on the web server. However, if an affected system follows a specially crafted link, a malicious script will execute on the client’s browser. Microsoft also notified affected users of this bug via the Microsoft 365 Admin Center. If you’re running the Admin Center, be sure to read the bulletin for full details.
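Tenable's note above pins the bug to the per-connector redirect URI, the OAuth parameter that decides where a user lands after authorising a connector. The control that class of bug turns on is strict, exact-match validation of the redirect target. The block below is an added example of that control, not Microsoft's code and not a reproduction of the patched logic; the registered URI is a placeholder, and the probe list is constructed to cover the usual ways a link can look like the registered host without being it.

```python
"""Exact-match redirect URI validation. Added example; not Microsoft's
code. REGISTERED_REDIRECT is a placeholder (assumption), not a value taken
from the advisory."""
from urllib.parse import urlsplit

REGISTERED_REDIRECT = "https://connector.example.test/oauth/callback"  # placeholder


def canonical(uri):
    """(host, port, path) for an https URI, or None for anything we would
    never send a user to: non-https, userinfo present (the
    https://legit@evil.test trick), unparsable port, query or fragment."""
    try:
        parts = urlsplit(uri)
        port = parts.port            # raises ValueError on e.g. ":notaport"
    except ValueError:
        return None
    if parts.scheme.lower() != "https" or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None
    if parts.query or parts.fragment:
        return None
    return (parts.hostname.lower(), port if port is not None else 443,
            parts.path or "/")


def redirect_allowed(candidate, registered=REGISTERED_REDIRECT):
    """True only when the candidate canonicalises to exactly the registered
    (host, port, path). No prefix, suffix, substring or regex matching, and
    no path normalisation: '/oauth/callback/../../login' is simply not
    '/oauth/callback'."""
    reg = canonical(registered)
    cand = canonical(candidate)
    return reg is not None and cand is not None and cand == reg


# Constructed probes with the expected verdict for each.
PROBES = {
    "https://connector.example.test/oauth/callback": True,
    "https://CONNECTOR.example.test:443/oauth/callback": True,
    "http://connector.example.test/oauth/callback": False,
    "https://connector.example.test.evil.test/oauth/callback": False,
    "https://connector.example.test@evil.test/oauth/callback": False,
    "https://evil.test/?next=https://connector.example.test/oauth/callback": False,
    "https://connector.example.test/oauth/callback?next=https://evil.test": False,
    "https://connector.example.test/oauth/callback/../../login": False,
    "https://connector.example.test/oauth/callback#https://evil.test": False,
}


def check_probes():
    """Run every probe through redirect_allowed; returns {uri: verdict}."""
    return {uri: redirect_allowed(uri) for uri in PROBES}


if __name__ == "__main__":
    for uri, verdict in check_probes().items():
        print("allow " if verdict else "reject", uri)
```

Rejecting any query string on the candidate is deliberately stricter than the OAuth specification requires; if a connector legitimately needs query parameters on its callback, register the full URI including them and compare the parsed query exactly rather than relaxing the check.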
51. Information Disclosure - Azure Machine Learning Compute Instance for SDK Users (CVE-2023-35625) - Medium [302]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.5 | 14 | Azure Machine Learning Compute Instance for SDK Users |
CVSS Base Score | 0.5 | 10 | CVSS Base Score is 4.7. According to Microsoft data source |
EPSS Percentile | 0.1 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.14272 |
52. Spoofing - Microsoft Edge (CVE-2023-36026) - Medium [288]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.8 | 14 | Web browser |
CVSS Base Score | 0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source |
EPSS Percentile | 0.3 | 10 | EPSS Probability is 0.00063, EPSS Percentile is 0.25172 |
MS PT Extended: CVE-2023-36026 was published before the December 2023 Patch Tuesday, in the 2023-11-15 to 2023-12-11 window
53. Spoofing - Microsoft Outlook for Mac (CVE-2023-35619) - Medium [250]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.5 | 14 | Microsoft Outlook for Mac |
CVSS Base Score | 0.5 | 10 | CVSS Base Score is 5.3. According to Microsoft data source |
EPSS Percentile | 0.3 | 10 | EPSS Probability is 0.00063, EPSS Percentile is 0.25172 |
MS PT Extended: CVE-2023-6345 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
Qualys: CVE-2023-35628: Windows MSHTML Platform Remote Code Execution Vulnerability Windows MSHTML is a browser engine that renders web pages frequently connected to Internet Explorer. Even though the Internet Explorer (IE) 11 desktop application has reached the end of support, MSHTML vulnerabilities are still relevant today and are being patched by Microsoft. An attacker may exploit the vulnerability by sending a specially crafted email, which triggers when it is retrieved and processed by the Outlook client. The vulnerability can be exploited even BEFORE the email is viewed in the Preview Pane. An attacker may use complex memory-shaping techniques to attack affected instances.
Tenable: CVE-2023-35628 | Windows MSHTML Platform Remote Code Execution Vulnerability
Tenable: CVE-2023-35628 is a RCE vulnerability affecting the Windows MSHTML platform. The vulnerability was assigned a CVSSv3 score of 8.1 and is rated as “Exploitation More Likely.” According to Microsoft, an attacker could exploit this vulnerability by sending a specifically crafted email which will automatically be processed when it is retrieved by Microsoft Outlook. Exploitation occurs before the email is viewed in the Preview Pane. While this is a critical vulnerability, Microsoft does note that successful exploitation would require the attacker to use “complex memory shaping techniques,” which may limit the successful use of this vulnerability to very skilled attackers.
Rapid7: CVE-2023-35628 describes a critical RCE vulnerability in the MSHTML proprietary browser engine still used by Outlook, among others, to render HTML content. Of particular note: the most concerning exploitation scenario leads to exploitation as soon as Outlook retrieves and processes the specially crafted malicious email. This means that exploitation could occur before the user interacts with the email in any way; not even the Preview Pane is required in this scenario. Other attack vectors exist: the user could also click a malicious link received via email, instant message, or other medium. Assets where Internet Explorer 11 has been fully disabled are still vulnerable until patched; the MSHTML engine remains installed within Windows regardless of the status of IE11.
ZDI: CVE-2023-35628 – Windows MSHTML Platform Remote Code Execution Vulnerability. This patch corrects a bug that could allow a remote, unauthenticated attacker to execute arbitrary code on affected systems just by sending a specially crafted e-mail to the target. This usually means the Preview Pane is an attack vector, but that’s not the case here. Instead, the code execution occurs when Outlook retrieves and processes the mail, which occurs BEFORE the Preview Pane. No doubt ransomware gangs will attempt to create a reliable exploit for this vulnerability. They may run into some problems as exploitation does require memory-shaping techniques.
MS PT Extended: CVE-2023-36008 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
Qualys: CVE-2023-35630: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. Internet Connection Sharing (ICS) is a Windows service that enables one Internet-connected computer to share its Internet connection with other computers on a local area network (LAN). An attacker can only attack systems connected to the same network segment as them. Attacks cannot be carried out across multiple networks (such as a WAN). To exploit this vulnerability, an attacker must modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message.
Qualys: CVE-2023-35641: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. An attacker can only attack systems connected to the same network segment as them. Attacks cannot be carried out across multiple networks (for example, a WAN). An attacker may exploit this vulnerability by sending a specially crafted DHCP message to a server that runs the Internet Connection Sharing service.
Tenable: CVE-2023-35641 and CVE-2023-35630 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Tenable: CVE-2023-35641 and CVE-2023-35630 are RCE vulnerabilities affecting the Internet Connection Sharing service in Windows, a service that allows an internet connected device to share its connection with other devices on a local area network. Both vulnerabilities were assigned CVSSv3 scores of 8.8 and a maximum severity rating of critical.
Tenable: Exploitation of CVE-2023-35641, which Microsoft rated as “Exploitation More Likely,” can be achieved by sending a specially crafted DHCP message to a server running the ICS service. Exploitation of CVE-2023-35630, which Microsoft rated as “Exploitation Less Likely,” requires an attacker to modify the length field in a DHCPv6 message. Both of these vulnerabilities are credited to researchers at Kunlun Lab and an anonymous researcher.
Rapid7: This month also brings patches for a pair of critical RCE vulnerabilities in Internet Connection Sharing. CVE-2023-35630 and CVE-2023-35641 share a number of similarities: a base CVSS v3.1 score of 8.8, Microsoft critical severity ranking, low attack complexity, and presumably execution in SYSTEM context on the target machine, although the advisories do not specify execution context. Description of the exploitation method does differ between the two, however.
Rapid7: CVE-2023-35630 requires the attacker to modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message. Exploitation of CVE-2023-35641 is also via a maliciously crafted DHCP message to an ICS server, but the advisory gives no further clues.
Rapid7: A broadly similar ICS vulnerability in September 2023 led to RCE in a SYSTEM context on the ICS server. In all three cases, a mitigating factor is the requirement for the attack to be launched from the same network segment as the ICS server. It seems improbable that either of this month’s ICS vulnerabilities is exploitable against a target on which ICS is not running; Microsoft did not explicitly deny the possibility, but a subsequent update to the advisory for CVE-2023-35641 does clarify that exploitation requires that ICS is enabled.
Rapid7: 2023-12-14: Microsoft updated the advisory for CVE-2023-35641 to confirm that ICS must be enabled for exploitation to be possible.
MS PT Extended: CVE-2023-35618 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
Qualys: Other Microsoft Vulnerability Highlights. CVE-2023-35633 is an elevation of privilege vulnerability in Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35632 is an elevation of privilege vulnerability in Windows Ancillary Function Driver (AFD) for Winsock. The driver connects a computer to the internet. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2023-36011 and CVE-2023-35631 are elevation of privilege vulnerabilities in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35644 is an elevation of privilege vulnerability in Windows Sysmain Service. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-36005 is an elevation of privilege vulnerability in Windows Telephony Server. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to execute code in the security context of the “NT AUTHORITY\Network Service” account. CVE-2023-36391 is an elevation of privilege vulnerability in the Local Security Authority Subsystem Service. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-36696 is an elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Tenable: CVE-2023-36696 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Tenable: CVE-2023-36696 is an EoP vulnerability in the Microsoft Windows Cloud Files Mini Filter Driver (cldflt.sys). It was assigned a CVSSv3 score of 7.8 and is rated as important and “Exploitation More Likely.” An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM.
MS PT Extended: CVE-2023-6346 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-6508 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-6510 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-6509 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-6351 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-6112 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-6348 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-5997 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-6350 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-6347 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-36013 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
ZDI: CVE-2023-35636 – Microsoft Outlook Information Disclosure Vulnerability. This Outlook bug does not have a Preview Pane attack vector. However, if exploited, the vulnerability allows the disclosure of NTLM hashes. These hashes could be used to spoof other users and gain further access within an enterprise. Earlier this year, Microsoft called a similar bug Elevation of Privilege (EoP) rather than Info Disclosure. Regardless of how you categorize it, threat actors find these types of bugs enticing and use them frequently.
MS PT Extended: CVE-2023-38174 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-36880 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-6511 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
MS PT Extended: CVE-2023-6512 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
Qualys: CVE-2023-36019: Microsoft Power Platform Connector Spoofing Vulnerability. Microsoft Power Platform connector is a proxy or wrapper around an API that allows users to communicate with the underlying service of Microsoft Power Automate, Microsoft Power Apps, and Azure Logic Apps. It enables users to link their accounts and create apps and processes using a library of prebuilt actions and triggers. To exploit the vulnerability, an attacker must convince a user to click on a specially crafted URL that can be compromised by the attacker.
Tenable: Microsoft’s December 2023 Patch Tuesday Addresses 33 CVEs (CVE-2023-36019)
Tenable: CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability
Tenable: CVE-2023-36019 is a spoofing vulnerability in the Microsoft Power Platform Connector. It was assigned a CVSSv3 score of 9.6 and is rated “Exploitation Less Likely” according to Microsoft’s Exploitability Index. This vulnerability relates to custom connectors, specifically the per-connector redirect URI. Microsoft says that an attacker could exploit this vulnerability to spoof a legitimate link or file to direct a victim to a malicious link or application.
Tenable: CVE-2023-36019 shares some similarities in areas of research into Microsoft Power Platform conducted by researchers here at Tenable. In July, Tenable Research disclosed a vulnerability allowing unauthorized access to cross-tenant applications in Microsoft Power Platform. The issue was reported to Microsoft, who implemented solutions to address the issue. Additional vulnerabilities affecting Microsoft Power Apps were also reported to Microsoft earlier this year, including stored cross-site scripting (XSS) and multiple input-validation vulnerabilities. For more information on vulnerabilities discovered by Tenable, please review our Tenable Research Advisories.
ZDI: CVE-2023-36019 – Microsoft Power Platform Connector Spoofing Vulnerability. This is the highest-rated CVSS this month at 9.6 and acts more like a code execution bug than a spoofing bug. The vulnerability exists on the web server. However, if an affected system follows a specially crafted link, a malicious script will execute on the client’s browser. Microsoft also notified affected users of this bug via the Microsoft 365 Admin Center. If you’re running the Admin Center, be sure to read the bulletin for full details.
MS PT Extended: CVE-2023-36026 was published before December 2023 Patch Tuesday from 2023-11-15 to 2023-12-11
Qualys: AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice. The vulnerability was first discovered in August 2023. As per AMD Security Bulletin, “This is a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality.” Microsoft has addressed the flaw in the Security Update Guide because the latest builds of Windows enable mitigation and provide protection against the vulnerability.
Tenable: Microsoft patched 33 CVEs in its December 2023 Patch Tuesday release, with four rated critical and 29 rated as important. Our count omitted CVE-2023-20588, a CVE assigned by AMD to address speculative leaks in some AMD processors. A separate advisory from AMD is available with more information on the vulnerability.
Rapid7: This month’s lone zero-day vulnerability is CVE-2023-20588, which describes a potential information disclosure due to a flaw in certain AMD processor models as listed on the AMD advisory. AMD states that a divide-by-zero on these processor models could potentially return speculative data. AMD believes the potential impact of the vulnerability is low since local access is required; however, Microsoft ranks severity as important under its own proprietary severity scale. The vulnerability is patched at the OS level in all supported versions of Windows, even as far back as Windows Server 2008 for Azure-hosted assets participating in the Extended Security Update (ESU) program.