Reference |
Description |
Vendor Severity |
CVSS Score |
Publicly Aware |
Weaponised |
Countermeasure |
Additional Information |
CVE-2023-21674 |
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
Important |
8.8 |
No |
Yes |
No |
Scope = Changed / Jump Point = True |
|
A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges. |
CVE-2023-21549 |
Windows Workstation Service Elevation of Privilege Vulnerability |
Important |
8.8 |
Yes |
No |
No |
An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only. |
CVE-2023-21561 |
Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
Critical |
8.8 |
No |
No |
No |
Scope = Changed / Jump Point = True |
CVE-2023-21732 |
Microsoft ODBC Driver Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
CVE-2023-21744 |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
In a network-based attack an attacker would need to have the privileges to create a page on a vulnerable SharePoint server. By creating a site using specific code, the attacker could execute code remotely on the target server. |
CVE-2023-21742 |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
In a network-based attack, an authenticated attacker as at least a Site Member could execute code remotely on the SharePoint Server. |
CVE-2023-21681 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
CVE-2023-21676 |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
CVE-2023-21543 |
Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability |
Critical |
8.1 |
No |
No |
No |
|
CVE-2023-21546 |
Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability |
Critical |
8.1 |
No |
No |
No |
|
CVE-2023-21555 |
Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability |
Critical |
8.1 |
No |
No |
No |
|
CVE-2023-21556 |
Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability |
Critical |
8.1 |
No |
No |
No |
|
CVE-2023-21679 |
Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability |
Critical |
8.1 |
No |
No |
No |
|
CVE-2023-21535 |
Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability |
Critical |
8.1 |
No |
No |
No |
|
CVE-2023-21548 |
Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability |
Critical |
8.1 |
No |
No |
No |
|
CVE-2023-21762 |
Microsoft Exchange Server Spoofing Vulnerability |
Important |
8 |
No |
No |
No |
This vulnerability’s attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment. |
CVE-2023-21745 |
Microsoft Exchange Server Spoofing Vulnerability |
Important |
8 |
No |
No |
No |
|
CVE-2023-21551 |
Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
Critical |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
|
Identified by Microsoft Offensive Research and Security Engineering (MORSE). |
CVE-2023-21730 |
Windows Cryptographic Services Remote Code Execution Vulnerability |
Critical |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21780 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21781 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21782 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21784 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21786 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21791 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21793 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21783 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21785 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21787 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21788 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21789 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21790 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21792 |
3D Builder Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
These updates are not available immediately and will be provided shortly. |
CVE-2023-21724 |
Microsoft DWM Core Library Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21764 |
Microsoft Exchange Server Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21763 |
Microsoft Exchange Server Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21537 |
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21734 |
Microsoft Office Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
CVE-2023-21735 |
Microsoft Office Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
CVE-2023-21736 |
Microsoft Office Visio Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
CVE-2023-21737 |
Microsoft Office Visio Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
CVE-2023-21768 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21726 |
Windows Credential Manager User Interface Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21558 |
Windows Error Reporting Service Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
CVE-2023-21552 |
Windows GDI Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
|
Exploitation More Likely |
CVE-2023-21755 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21754 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
|
CVE-2023-21747 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
|
CVE-2023-21748 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
|
CVE-2023-21749 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
|
CVE-2023-21772 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
|
CVE-2023-21773 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
|
CVE-2023-21774 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
|
CVE-2023-21675 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21524 |
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
|
CVE-2023-21746 |
Windows NTLM Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21767 |
Windows Overlay Filter Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21765 |
Windows Print Spooler Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21678 |
Windows Print Spooler Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21541 |
Windows Task Scheduler Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
Exploitation More Likely |
CVE-2023-21680 |
Windows Win32k Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
|
|
CVE-2023-21538 |
.NET Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
No |
|
CVE-2023-21547 |
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
No |
|
CVE-2023-21761 |
Microsoft Exchange Server Information Disclosure Vulnerability |
Important |
7.5 |
No |
No |
No |
|
CVE-2023-21539 |
Windows Authentication Remote Code Execution Vulnerability |
Important |
7.5 |
No |
No |
No |
|
CVE-2023-21683 |
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
No |
|
CVE-2023-21677 |
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
No |
|
CVE-2023-21758 |
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
No |
|
CVE-2023-21527 |
Windows iSCSI Service Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
No |
|
CVE-2023-21757 |
Windows Layer 2 Tunnelling Protocol (L2TP) Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
No |
|
CVE-2023-21557 |
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
No |
|
CVE-2023-21728 |
Windows Net logon Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
No |
|
CVE-2023-21779 |
Visual Studio Code Remote Code Execution Vulnerability |
Important |
7.3 |
No |
No |
No |
|
CVE-2023-21741 |
Microsoft Office Visio Information Disclosure Vulnerability |
Important |
7.1 |
No |
No |
No |
|
CVE-2023-21738 |
Microsoft Office Visio Remote Code Execution Vulnerability |
Important |
7.1 |
No |
No |
No |
|
CVE-2023-21752 |
Windows Backup Service Elevation of Privilege Vulnerability |
Important |
7.1 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21750 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.1 |
No |
No |
No |
|
CVE-2023-21760 |
Windows Print Spooler Elevation of Privilege Vulnerability |
Important |
7.1 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21531 |
Azure Service Fabric Container Elevation of Privilege Vulnerability |
Important |
7 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could elevate their privileges and gain control over the Service Fabric cluster. This vulnerability does not allow the attacker to elevate privileges outside of the compromised cluster. |
CVE-2023-21733 |
Windows Bind Filter Driver Elevation of Privilege Vulnerability |
Important |
7 |
No |
No |
No |
|
CVE-2023-21739 |
Windows Bluetooth Driver Elevation of Privilege Vulnerability |
Important |
7 |
No |
No |
No |
|
CVE-2023-21532 |
Windows GDI Elevation of Privilege Vulnerability |
Important |
7 |
No |
No |
No |
Exploitation More Likely |
CVE-2023-21542 |
Windows Installer Elevation of Privilege Vulnerability |
Important |
7 |
No |
No |
No |
|
CVE-2023-21771 |
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability |
Important |
7 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21563 |
BitLocker Security Feature Bypass Vulnerability |
Important |
6.8 |
No |
No |
No |
A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. |
CVE-2023-21560 |
Windows Boot Manager Security Feature Bypass Vulnerability |
Important |
6.6 |
No |
No |
No |
A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. |
CVE-2023-21725 |
Microsoft Windows Defender Elevation of Privilege Vulnerability |
Important |
6.3 |
No |
No |
No |
|
CVE-2023-21559 |
Windows Cryptographic Services Information Disclosure Vulnerability |
Important |
6.2 |
No |
No |
No |
|
CVE-2023-21753 |
Event Tracing for Windows Information Disclosure Vulnerability |
Important |
5.5 |
No |
No |
No |
|
CVE-2023-21540 |
Windows Cryptographic Information Disclosure Vulnerability |
Important |
5.5 |
No |
No |
No |
|
CVE-2023-21550 |
Windows Cryptographic Information Disclosure Vulnerability |
Important |
5.5 |
No |
No |
No |
|
CVE-2023-21776 |
Windows Kernel Information Disclosure Vulnerability |
Important |
5.5 |
No |
No |
No |
|
CVE-2023-21743 |
Microsoft SharePoint Server Security Feature Bypass Vulnerability |
Critical |
5.3 |
No |
No |
No |
Exploitation More Likely |
CVE-2023-21525 |
Windows Encrypting File System (EFS) Denial of Service Vulnerability |
Important |
5.3 |
No |
No |
No |
|
CVE-2023-21682 |
Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability |
Important |
5.3 |
No |
No |
No |
|
CVE-2023-21536 |
Event Tracing for Windows Information Disclosure Vulnerability |
Important |
4.7 |
No |
No |
No |
|
CVE-2023-21766 |
Windows Overlay Filter Information Disclosure Vulnerability |
Important |
4.7 |
No |
No |
No |
|
CVE-2023-21759 |
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability |
Important |
3.3 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain access to data related to FIDO keys managed on a vulnerable system. |