April 18, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
May 10, 2023Rewterz Threat Advisory – ICS: Multiple Siemens Products Vulnerabilities
May 10, 2023Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
May 10, 2023Rewterz Threat Advisory – ICS: Multiple Siemens Products Vulnerabilities
May 10, 2023
Severity
High
Analysis Summary
CVE-2023-24904 CVSS:7.1
Microsoft Windows Server could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Installer component. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-29324 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Windows Scripting component. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-24949 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially crafted program, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-24944 CVSS:6.5
Microsoft Windows could allow a remote attacker within the local network to obtain sensitive information, caused by a flaw in the Bluetooth Driver component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain Kernel memory and use this information to launch further attacks against the affected system.
CVE-2023-24905 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in Remote Desktop Client component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24902 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. An attacker could exploit this vulnerability to gain SYSTEM level privileges.
CVE-2023-24946 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Backup Service component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-24943 CVSS:9.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Pragmatic General Multicast (PGM) component. By using a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24945 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the iSCSI Target Service component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-29343 CVSS:7.8
Microsoft Windows SysInternals Sysmon could allow a local authenticated attacker to gain elevated privileges on the system. An authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-24940 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Pragmatic General Multicast (PGM) component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-24899 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics component. By winning a race condition, an attacker could exploit this vulnerability to obtain limited SYSTEM privileges.
CVE-2023-24947 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Bluetooth Driver component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-28251 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the Driver Revocation List component. An attacker could exploit this vulnerability to bypass the revocation list feature and obtain access.
CVE-2023-24903 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Secure Socket Tunneling Protocol (SSTP) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-24898 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the SMB component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-24932 CVSS:7.2
Microsoft Windows could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the Secure Boot component. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain administrative access.
CVE-2023-24942 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Remote Procedure Call Runtime component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-29325 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-28290 CVSS:5.5
Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Remote Desktop Protocol Client component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-24900 CVSS:5.9
Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the NTLM Security Support Provider component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-24941 CVSS:9.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Network File System component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-28283 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Lightweight Directory Access Protocol (LDAP) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Privilege Escalation
- Information Disclosure
- Code Execution
- Denial of Service
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-24904
- CVE-2023-29324
- CVE-2023-24949
- CVE-2023-24944
- CVE-2023-24905
- CVE-2023-24902
- CVE-2023-24946
- CVE-2023-24943
- CVE-2023-24945
- CVE-2023-29343
- CVE-2023-24940
- CVE-2023-24899
- CVE-2023-24947
- CVE-2023-28251
- CVE-2023-24903
- CVE-2023-24898
- CVE-2023-24932
- CVE-2023-24942
- CVE-2023-29325
- CVE-2023-28290
- CVE-2023-24900
- CVE-2023-24941
- CVE-2023-28283
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems 2008 SP2
- Microsoft Windows 11 22H2 for ARM64-based Systems
- Microsoft Windows 11 22H2 for x64-based Systems
- Microsoft Windows 11 21H2 for ARM64-based Systems
- Microsoft Windows 11 21H2 for x64-based Systems
- Microsoft Windows Server 2019
- Microsoft Windows 10 20H2 for 32-bit Systems
- Microsoft Windows 10 20H2 for ARM64-based Systems
- Microsoft Windows 10 20H2 for x64-based Systems
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2016
- Microsoft Windows Sysmon
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
