Microsoft General Update Vulnerabilities

  1. Current Security Vulnerability Reports
  2. Archive
  3. Microsoft General Update Vulnerabilities

Microsoft General Update Vulnerabilities

On 11th of July, Microsoft has released a report for the following vulnerabilities.

Microsoft General Update Vulnerabilities

Webpage hyperlinks and CVE codes can be found below for the relevant vulnerability. Please check the links below for more information, recommended solutions and mitigations.

Affected Systems

Remote Procedure Call Runtime Remote Code Execution Vulnerability - CVE-2023-35300 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35300 https://nvd.nist.gov/vuln/detail/CVE-2023-35300

Windows Kernel Elevation of Privilege Vulnerability - CVE-2023-35305 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35305 https://nvd.nist.gov/vuln/detail/CVE-2023-35305

Windows Deployment Services Remote Code Execution Vulnerability - CVE-2023-35322 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35322 https://nvd.nist.gov/vuln/detail/CVE-2023-35322

Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability - CVE-2023-35317 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35317 https://nvd.nist.gov/vuln/detail/CVE-2023-35317

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability - CVE-2023-35315 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35315 https://nvd.nist.gov/vuln/detail/CVE-2023-35315

Windows OCSP SnapIn Remote Code Execution Vulnerability - CVE-2023-35313 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35313 https://nvd.nist.gov/vuln/detail/CVE-2023-35313

Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2023-35299 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35299 https://nvd.nist.gov/vuln/detail/CVE-2023-35299

Windows Installer Elevation of Privilege Vulnerability - CVE-2023-32053 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32053 https://nvd.nist.gov/vuln/detail/CVE-2023-32053

Windows SmartScreen Security Feature Bypass Vulnerability - CVE-2023-32049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32049 https://nvd.nist.gov/vuln/detail/CVE-2023-32049

Windows MSHTML Platform Elevation of Privilege Vulnerability - CVE-2023-32046 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32046 https://nvd.nist.gov/vuln/detail/CVE-2023-32046

Windows Win32k Elevation of Privilege Vulnerability - CVE-2023-21756 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21756 https://nvd.nist.gov/vuln/detail/CVE-2023-21756

Windows Netlogon Information Disclosure Vulnerability - CVE-2023-21526 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21526 https://nvd.nist.gov/vuln/detail/CVE-2023-21526

Windows Server Service Security Feature Bypass Vulnerability - CVE-2023-32022 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32022 https://nvd.nist.gov/vuln/detail/CVE-2023-32022

Windows RRAS Remote Code Execution Vulnerability - CVE-2023-35367 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35367 https://nvd.nist.gov/vuln/detail/CVE-2023-35367

Windows Error Reporting Service Elevation of Privilege Vulnerability - CVE-2023-36874 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36874 https://nvd.nist.gov/vuln/detail/CVE-2023-36874

Windows Active Directory Certificate Services Remote Code Execution Vulnerability - CVE-2023-35350 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35350 https://nvd.nist.gov/vuln/detail/CVE-2023-35350

Windows Geolocation Service Remote Code Execution Vulnerability - CVE-2023-35343 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35343 https://nvd.nist.gov/vuln/detail/CVE-2023-35343

Windows CryptoAPI Denial of Service Vulnerability - CVE-2023-35339 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35339 https://nvd.nist.gov/vuln/detail/CVE-2023-35339

Windows Peer Name Resolution Protocol Denial of Service Vulnerability - CVE-2023-35338 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35338 https://nvd.nist.gov/vuln/detail/CVE-2023-35338

Windows Extended Negotiation Denial of Service Vulnerability - CVE-2023-35330 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35330 https://nvd.nist.gov/vuln/detail/CVE-2023-35330

IoC’s

-

Recommended Solution(s)

-

Mitigations

Please check the provided links for the each vulnerability.

CVE / CWE

CVE-2023-35300 / CVE-2023-35322 / CVE-2023-35317 / CVE-2023-35315 / CVE-2023-35313 / CVE-2023-35305 / CVE-2023-35299 / CVE-2023-32053 / CVE-2023-32049 / CVE-2023-32046 / CVE-2023-21756 / CVE-2023-21526 / CVE-2023-32022 / CVE-2023-35367 / CVE-2023-36874 / CVE-2023-35350 / CVE-2023-35343 / CVE-2023-35339 / CVE-2023-35338 / CVE-2023-35330

Related Website(s)

-

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.

Current Security Vulnerability Reports

Current Security Vulnerability Reports
SolarWinds Serv-U Remote Code Execution Vulnerability

21/07/2021
Current Security Vulnerability Reports
Microsoft Exchange Server Remote Code Execution Vulnerability-34473

21/07/2021
Current Security Vulnerability Reports
Microsoft Exchange Server Remote Code Execution Vulnerability-31206

21/07/2021
Current Security Vulnerability Reports
VMware VCenter Remote Code Execution Vulnerability

26/05/2021
Current Security Vulnerability Reports
Microsoft Exchange Server Remote Code Execution Vulnerabilities

14/04/2021
Current Security Vulnerability Reports
March 2021 Microsoft Exchange 0-Day Reports

03/03/2021
Current Security Vulnerability Reports
Spectre Vulnerability Exploitation

03/03/2021
Current Security Vulnerability Reports
Masslogger Phishing Campaign

19/02/2021
Current Security Vulnerability Reports
SolarWinds: Raindrop Malware

20/01/2021
Current Security Vulnerability Reports
SolarWinds Orion API Authentication Bypass Vulnerability

28/12/2020
Current Security Vulnerability Reports
SolarWinds Sunburst Attack Campaign

22/12/2020
Current Security Vulnerability Reports
StrongPity Watering Hole

07/07/2020
Current Security Vulnerability Reports
Microsoft SMBv3 Compression Vulnerability

11/03/2020
Current Security Vulnerability Reports
Critical Microsoft Vulnerability – March 2020

11/03/2020
Current Security Vulnerability Reports
MS Exchange Validation Key Remote Code Execution Vulnerability

28/02/2020
İSTANBUL

+90 216 504 53 30

+90 216 504 53 32

info@barikat.com.tr

Aydınevler Mahallesi,İsmet İnönü Cadddesi,Küçükyalı Ofis Park A Blok,No:20/1 Maltepe İstanbul

ANKARA

+90 312 235 44 41

+90 312 235 44 51

info@barikat.com.tr

Mustafa Kemal Mahallesi, Dumlupınar Bulvarı No:164, Kentpark Ofis, Kat:4 Daire:06 Çankaya, 06510 Ankara, Turkey

AMSTERDAM

+90 216 504 53 30

+90 216 504 53 32

info@barikatbv.com

Millenium Tower Floor 29, Radarweg 29 1045 XN Amsterdam, Netherlands

VULNERABILITY NEWSLETTER

You can register to our newsletter on the home page to be instantly informed about security vulnerabilities.

Barikat Cyber Security

© 2021 Barikat Cyber Security All rights reserved.