Patch Tuesday Update – October 2023
2023-10-11 05:9:32 Author: securityboulevard.com(查看原文) 阅读量:10 收藏
2023-10-11 05:9:32 Author: securityboulevard.com(查看原文) 阅读量:10 收藏
| CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
| CVE-2023-35349 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Critical | 9.8 | Remote Code Execution | No | No |
| CVE-2023-36902 | Windows Runtime Remote Code Execution Vulnerability | Windows Client/Server Runtime Subsystem | Important | 7 | Remote Code Execution | No | No |
| CVE-2023-38171 | Microsoft QUIC Denial of Service Vulnerability | Microsoft QUIC | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36737 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Azure | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | Skype for Business | Important | 5.3 | Elevation of Privilege | Yes | Yes |
| CVE-2023-41765 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41766 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | Client Server Run-time Subsystem (CSRSS) | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-41767 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41768 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41769 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41770 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41771 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41772 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-41773 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41774 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-36732 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36731 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36730 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | SQL Server | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36729 | Named Pipe File System Elevation of Privilege Vulnerability | Windows Named Pipe File System | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36728 | Microsoft SQL Server Denial of Service Vulnerability | SQL Server | Important | 5.5 | Denial of Service | No | No |
| CVE-2023-36726 | Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | Windows IKE Extension | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36725 | Windows Kernel Elevation of Privilege Vulnerability | Windows NT OS Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36724 | Windows Power Management Service Information Disclosure Vulnerability | Windows Power Management Service | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-36723 | Windows Container Manager Service Elevation of Privilege Vulnerability | Windows Container Manager Service | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36722 | Active Directory Domain Services Information Disclosure Vulnerability | Active Directory Domain Services | Important | 4.4 | Information Disclosure | No | No |
| CVE-2023-36721 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Windows Error Reporting | Important | 7 | Elevation of Privilege | No | No |
| CVE-2023-36720 | Windows Mixed Reality Developer Tools Denial of Service Vulnerability | Windows Mixed Reality Developer Tools | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36718 | Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | Windows Virtual Trusted Platform Module | Critical | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36717 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | Windows TPM | Important | 6.5 | Denial of Service | No | No |
| CVE-2023-36713 | Windows Common Log File System Driver Information Disclosure Vulnerability | Windows Common Log File System Driver | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-36712 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36711 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | Windows Runtime C++ Template Library | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36710 | Windows Media Foundation Core Remote Code Execution Vulnerability | Microsoft Windows Media Foundation | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36709 | Microsoft AllJoyn API Denial of Service Vulnerability | Windows AllJoyn API | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36707 | Windows Deployment Services Denial of Service Vulnerability | Windows Deployment Services | Important | 6.5 | Denial of Service | No | No |
| CVE-2023-36706 | Windows Deployment Services Information Disclosure Vulnerability | Windows Deployment Services | Important | 6.5 | Information Disclosure | No | No |
| CVE-2023-36704 | Windows Setup Files Cleanup Remote Code Execution Vulnerability | Windows Setup Files Cleanup | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36703 | DHCP Server Service Denial of Service Vulnerability | Windows DHCP Server | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36702 | Microsoft DirectMusic Remote Code Execution Vulnerability | Windows Microsoft DirectMusic | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36701 | Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | Windows Resilient File System (ReFS) | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36698 | Windows Kernel Security Feature Bypass Vulnerability | Windows Kernel | Important | 3.6 | Security Feature Bypass | No | No |
| CVE-2023-36697 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Critical | 6.8 | Remote Code Execution | No | No |
| CVE-2023-36606 | Microsoft Message Queuing Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36605 | Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | Windows Named Pipe File System | Important | 7.4 | Elevation of Privilege | No | No |
| CVE-2023-36603 | Windows TCP/IP Denial of Service Vulnerability | Windows TCP/IP | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36602 | Windows TCP/IP Denial of Service Vulnerability | Windows TCP/IP | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36598 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | SQL Server | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36596 | Remote Procedure Call Information Disclosure Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Information Disclosure | No | No |
| CVE-2023-36594 | Windows Graphics Component Elevation of Privilege Vulnerability | Microsoft Graphics Component | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36593 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36592 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36591 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36590 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36589 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36585 | Active Template Library Denial of Service Vulnerability | Windows Active Template Library | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36584 | Windows Mark of the Web Security Feature Bypass Vulnerability | Windows Mark of the Web (MOTW) | Important | 5.4 | Security Feature Bypass | No | No |
| CVE-2023-36583 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36582 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36581 | Microsoft Message Queuing Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36579 | Microsoft Message Queuing Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36578 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36577 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2023-36576 | Windows Kernel Information Disclosure Vulnerability | Windows Kernel | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-36575 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36574 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36573 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36572 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36571 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36570 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36569 | Microsoft Office Elevation of Privilege Vulnerability | Microsoft Office | Important | 8.4 | Elevation of Privilege | No | No |
| CVE-2023-36568 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Microsoft Office | Important | 7 | Elevation of Privilege | No | No |
| CVE-2023-36567 | Windows Deployment Services Information Disclosure Vulnerability | Windows Deployment Services | Important | 7.5 | Information Disclosure | No | No |
| CVE-2023-36564 | Windows Search Security Feature Bypass Vulnerability | Microsoft Windows Search Component | Important | 6.5 | Security Feature Bypass | No | No |
| CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | Microsoft WordPad | Important | 6.5 | Information Disclosure | Yes | Yes |
| CVE-2023-36561 | Azure DevOps Server Elevation of Privilege Vulnerability | Azure DevOps | Important | 7.3 | Elevation of Privilege | No | No |
| CVE-2023-36557 | PrintHTML API Remote Code Execution Vulnerability | Windows HTML Platform | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36438 | Windows TCP/IP Information Disclosure Vulnerability | Windows TCP/IP | Important | 7.5 | Information Disclosure | No | No |
| CVE-2023-36435 | Microsoft QUIC Denial of Service Vulnerability | Microsoft QUIC | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36434 | Windows IIS Server Elevation of Privilege Vulnerability | Windows IIS | Important | 9.8 | Elevation of Privilege | No | No |
| CVE-2023-36433 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Microsoft Dynamics | Important | 6.5 | Information Disclosure | No | No |
| CVE-2023-36431 | Microsoft Message Queuing Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36429 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Microsoft Dynamics | Important | 6.5 | Information Disclosure | No | No |
| CVE-2023-36420 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | SQL Server | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36419 | Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability | Azure | Important | 8.8 | Elevation of Privilege | No | No |
| CVE-2023-36417 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | SQL Server | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-44487 | MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack | HTTP/2 | Important | N/A | Denial of Service | Yes | No |
| CVE-2023-29348 | Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | Windows RDP | Important | 6.5 | Information Disclosure | No | No |
| CVE-2023-38166 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-38159 | Windows Graphics Component Elevation of Privilege Vulnerability | Microsoft Graphics Component | Important | 7 | Elevation of Privilege | No | No |
| CVE-2023-36790 | Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | Windows RDP | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36789 | Skype for Business Remote Code Execution Vulnerability | Skype for Business | Important | 7.2 | Remote Code Execution | No | No |
| CVE-2023-36786 | Skype for Business Remote Code Execution Vulnerability | Skype for Business | Important | 7.2 | Remote Code Execution | No | No |
| CVE-2023-36785 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | SQL Server | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36780 | Skype for Business Remote Code Execution Vulnerability | Skype for Business | Important | 7.2 | Remote Code Execution | No | No |
| CVE-2023-36778 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server | Important | 8 | Remote Code Execution | No | No |
| CVE-2023-36776 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7 | Elevation of Privilege | No | No |
| CVE-2023-36743 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36566 | Microsoft Common Data Model SDK Denial of Service Vulnerability | Microsoft Common Data Model SDK | Important | 6.5 | Denial of Service | No | No |
| CVE-2023-36565 | Microsoft Office Graphics Elevation of Privilege Vulnerability | Microsoft Office | Important | 7 | Elevation of Privilege | No | No |
| CVE-2023-36436 | Windows MSHTML Platform Remote Code Execution Vulnerability | Windows HTML Platform | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36418 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Azure Real Time Operating System | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36416 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 6.1 | Spoofing | No | No |
| CVE-2023-36415 | Azure Identity SDK Remote Code Execution Vulnerability | Azure SDK | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2023-36414 | Azure Identity SDK Remote Code Execution Vulnerability | Azure SDK | Important | 8.8 | Remote Code Execution | No | No |
文章来源: https://securityboulevard.com/2023/10/patch-tuesday-update-october-2023/
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh