Microsoft releases 130 fixes this month including 10 Critical and 5 CVSS Rated over 9.0
There are 10 Critical and 120 Important severity fixes this month. Microsoft Windows, Components, Office and Office Components, .NET and Visual Studio, Azure Active Directory and DevOps, Microsoft Dynamics, Printer Drivers, DNS Server and Remote Desktop have all received fixes this month.
An additional Microsoft zero-day vulnerability was released overnight. More details on that vulnerability and the Syxsense remediation can be found here.
Robert Brown, Head of Customer Success for Syxsense, said, “We have 5 patches that resolve vulnerabilities which have a CVSS score of more than 9 (Critical), and if you count all the individual CVSS scores together, July has a combined CVSS score of 861.7 up from 500.2 last month. The average CVSS score was 7.2, which indicates a lot of very high profile and important updates were fixed in this release.”
Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.
CVE-2023-32049 – Windows SmartScreen Security Feature Bypass Vulnerability
This vulnerability was found by the Microsoft Threat Intelligence team. The attacker would be able to bypass the Open File – Security Warning prompt.
Note: The vulnerability is being weaponized.
Syxscore
- Vendor Severity: Important
- CVSS: 8.8
- Weaponized: Yes
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: Required
- Scope (Jump Point): Unchanged / No
CVE-2023-35311 – Microsoft Outlook Security Feature Bypass Vulnerability
This vulnerability impacts Microsoft Outlook and the user would have to click on a specially crafted URL or email to be compromised by the attacker. The Preview Pane is an attack vector, but additional user interaction is required.
Note: The vulnerability is being weaponized.
Syxscore
- Vendor Severity: Important
- CVSS: 8.8
- Weaponized: Yes
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: Required
- Scope (Jump Point): Unchanged / No
CVE-2023-33150 – Microsoft Office Security Feature Bypass Vulnerability
In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.
Note: The vulnerability has a Jump Point. In this case, successful exploitation of this vulnerability would allow an attacker to escape the Office Protected View.
Syxscore
- Vendor Severity: Important
- CVSS: 9.6
- Weaponized: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: Low
- User Interaction: Required
- Scope (Jump Point): Changed / Yes
| Reference | Description | Vendor Severity | CVSS Score | Weaponized | Publicly Aware | Countermeasure | Additional Details | Impact | Exploitability Assessment |
| CVE-2023-32049 | Windows SmartScreen Security Feature Bypass Vulnerability | Important | 8.8 | Yes | No | Security Feature Bypass | Exploitation Detected | ||
| CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability | Important | 8.8 | Yes | No | Security Feature Bypass | Exploitation Detected | ||
| CVE-2023-32046 | Windows MSHTML Platform Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | Elevation of Privilege | Exploitation Detected | ||
| CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | Elevation of Privilege | Exploitation Detected | ||
| CVE-2023-33150 | Microsoft Office Security Feature Bypass Vulnerability | Important | 9.6 | No | No |
Scope = Changed, Jump Point = True Successful exploitation of this vulnerability would allow an attacker to escape the Office Protected View. |
Security Feature Bypass | Exploitation Less Likely | |
| CVE-2023-32038 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-33134 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation More Likely | ||
| CVE-2023-33159 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 8.8 | No | No | Spoofing | Exploitation Less Likely | ||
| CVE-2023-35300 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime. | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-35302 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No |
Option 1 – Disable the Print Spooler service If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands: Stop-Service -Name Spooler -Force Impact of workaround Disabling the Print Spooler service disables the ability to print both locally and remotely. Option 2 – Disable inbound remote printing through Group Policy You can also configure the settings via Group Policy as follows: Computer Configuration / Administrative Templates / Printers Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks. You must restart the Print Spooler service for the group policy to take effect. |
Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-35303 | USB Audio Class System Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | Elevation of Privilege | Exploitation Less Likely | ||
| CVE-2023-35322 | Windows Deployment Services Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35333 | MediaWiki PandocUpload Extension Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35364 | Windows Kernel Elevation of Privilege Vulnerability | Important | 8.8 | No | No |
Scope = Changed, Jump Point = True In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. |
Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-29347 | Windows Admin Center Spoofing Vulnerability | Important | 8.7 | No | No |
Scope = Changed, Jump Point = True The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. |
Spoofing | Exploitation Less Likely | |
| CVE-2023-33171 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 8.2 | No | No |
Scope = Changed, Jump Point = True The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. |
Spoofing | Exploitation Less Likely | |
| CVE-2023-35335 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 8.2 | No | No |
Scope = Changed, Jump Point = True The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. |
Spoofing | Exploitation Less Likely | |
| CVE-2023-33127 | .NET and Visual Studio Elevation of Privilege Vulnerability | Important | 8.1 | No | No | Elevation of Privilege | Exploitation Less Likely | ||
| CVE-2023-33170 | ASP.NET and Visual Studio Security Feature Bypass Vulnerability | Important | 8.1 | No | No | Security Feature Bypass | Exploitation Less Likely | ||
| CVE-2023-21756 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-32047 | Paint 3D Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Unlikely | ||
| CVE-2023-32051 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-32053 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-32056 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-33148 | Microsoft Office Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to local clients only. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-33149 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-33154 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-33155 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-33158 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-33161 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35299 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35304 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35305 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35312 | Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain administrator privileges. | Elevation of Privilege | Exploitation More Likely | |
| CVE-2023-35317 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain administrator privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35320 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35323 | Windows OLE Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35328 | Windows Transaction Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35337 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35340 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
Scope = Changed, Jump Point = True In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. |
Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35342 | Windows Image Acquisition Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35343 | Windows Geolocation Service Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35353 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35356 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35357 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35358 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35362 | Windows Clip Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35363 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35374 | Paint 3D Remote Code Execution Vulnerability | Important | 7.8 | No | No |
You can check the package version in PowerShell: Get-AppxPackage -Name Microsoft.MSPaint |
Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-36867 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-32044 | Microsoft Message Queuing Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-32045 | Microsoft Message Queuing Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-32084 | HTTP.sys Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-33163 | Windows Network Load Balancing Remote Code Execution Vulnerability | Important | 7.5 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35298 | HTTP.sys Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-35309 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important | 7.5 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35325 | Windows Print Spooler Information Disclosure Vulnerability | Important | 7.5 | No | No | Information Disclosure | Exploitation Less Likely | ||
| CVE-2023-35330 | Windows Extended Negotiation Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-35338 | Windows Peer Name Resolution Protocol Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-35339 | Windows CryptoAPI Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-35348 | Active Directory Federation Service Security Feature Bypass Vulnerability | Important | 7.5 | No | No | Scope = Changed, Jump Point = True | Security Feature Bypass | Exploitation Less Likely | |
| CVE-2023-21526 | Windows Netlogon Information Disclosure Vulnerability | Important | 7.4 | No | No | An attacker who successfully exploited this vulnerability could intercept and potentially modify traffic between client and server systems. | Information Disclosure | Exploitation More Likely | |
| CVE-2023-32054 | Volume Shadow Copy Elevation of Privilege Vulnerability | Important | 7.3 | No | No | Elevation of Privilege | Exploitation Less Likely | ||
| CVE-2023-35350 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | Important | 7.2 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35347 | Microsoft Store Install Service Elevation of Privilege Vulnerability | Important | 7.1 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-32050 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.0 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-33152 | Microsoft ActiveX Remote Code Execution Vulnerability | Important | 7.0 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35360 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.0 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35361 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.0 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-32043 | Windows Remote Desktop Security Feature Bypass Vulnerability | Important | 6.8 | No | No | Security Feature Bypass | Exploitation Less Likely | ||
| CVE-2023-33153 | Microsoft Outlook Remote Code Execution Vulnerability | Important | 6.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35332 | Windows Remote Desktop Protocol Security Feature Bypass | Important | 6.8 | No | No | Security Feature Bypass | Exploitation Less Likely | ||
| CVE-2023-32055 | Active Template Library Elevation of Privilege Vulnerability | Important | 6.7 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35313 | Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability | Important | 6.7 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-32033 | Microsoft Failover Cluster Remote Code Execution Vulnerability | Important | 6.6 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35310 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35344 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35345 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-35346 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-32034 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-32035 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-32037 | Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Information Disclosure | Exploitation Less Likely | ||
| CVE-2023-32042 | OLE Automation Information Disclosure Vulnerability | Important | 6.5 | No | No | Information Disclosure | Exploitation Less Likely | ||
| CVE-2023-32083 | Microsoft Failover Cluster Information Disclosure Vulnerability | Important | 6.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | Exploitation Less Likely | |
| CVE-2023-33151 | Microsoft Outlook Spoofing Vulnerability | Important | 6.5 | No | No | Spoofing | Exploitation Less Likely | ||
| CVE-2023-33164 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-33166 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-33167 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-33168 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-33169 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-33172 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-33173 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-35296 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | Exploitation Less Likely | |
| CVE-2023-35308 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important | 6.5 | No | No | Security Feature Bypass | Exploitation Less Likely | ||
| CVE-2023-35316 | Remote Procedure Call Runtime Information Disclosure Vulnerability | Important | 6.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | Exploitation Less Likely | |
| CVE-2023-35318 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-35319 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-35321 | Windows Deployment Services Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-35329 | Windows Authentication Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-35331 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-35336 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important | 6.5 | No | No | Security Feature Bypass | Exploitation Less Likely | ||
| CVE-2023-35351 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | Important | 6.5 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-36868 | Azure Service Fabric on Windows Information Disclosure Vulnerability | Important | 6.5 | No | No | Information Disclosure | Exploitation Less Likely | ||
| CVE-2023-36871 | Azure Active Directory Security Feature Bypass Vulnerability | Important | 6.5 | No | No | Security Feature Bypass | N/A | ||
| CVE-2023-33156 | Microsoft Defender Elevation of Privilege Vulnerability | Important | 6.3 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2023-35341 | Microsoft DirectMusic Information Disclosure Vulnerability | Important | 6.2 | No | No | Information Disclosure | Exploitation Less Likely | ||
| CVE-2023-32039 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. | Information Disclosure | Exploitation Less Likely | |
| CVE-2023-32040 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. | Information Disclosure | Exploitation Less Likely | |
| CVE-2023-32041 | Windows Update Orchestrator Service Information Disclosure Vulnerability | Important | 5.5 | No | No | Information Disclosure | Exploitation Less Likely | ||
| CVE-2023-32085 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | Exploitation Less Likely | |
| CVE-2023-33162 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | Information Disclosure | Exploitation Less Likely | ||
| CVE-2023-33174 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | Exploitation Less Likely | |
| CVE-2023-35306 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. | Information Disclosure | Exploitation Less Likely | |
| CVE-2023-35324 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | Exploitation Less Likely | |
| CVE-2023-35326 | Windows CDP User Components Information Disclosure Vulnerability | Important | 5.5 | No | No | Information Disclosure | Exploitation Less Likely | ||
| CVE-2023-36872 | VP9 Video Extensions Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | Exploitation Less Likely | |
| CVE-2023-32052 | Microsoft Power Apps Spoofing Vulnerability | Important | 5.4 | No | No | Spoofing | Exploitation Less Likely | ||
| CVE-2023-35314 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 5.3 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-35373 | Mono Authenticode Validation Spoofing Vulnerability | Important | 5.3 | No | No | Spoofing | Exploitation Less Likely | ||
| CVE-2023-33165 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Important | 4.3 | No | No | Security Feature Bypass | Exploitation Less Likely |
