Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
May 10, 2023
Rewterz
Rewterz Threat Advisory – ICS: Multiple Siemens Products Vulnerabilities
May 10, 2023

Rewterz Threat Advisory – Multiple Microsoft Windows Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-24904 CVSS:7.1

Microsoft Windows Server could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Installer component. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-29324 CVSS:7.5

Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Windows Scripting component. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-24949 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially crafted program, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-24944 CVSS:6.5

Microsoft Windows could allow a remote attacker within the local network to obtain sensitive information, caused by a flaw in the Bluetooth Driver component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain Kernel memory and use this information to launch further attacks against the affected system.

CVE-2023-24905 CVSS:7.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in Remote Desktop Client component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-24902 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. An attacker could exploit this vulnerability to gain SYSTEM level privileges.

CVE-2023-24946 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Backup Service component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain SYSTEM privileges.

CVE-2023-24943 CVSS:9.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Pragmatic General Multicast (PGM) component. By using a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-24945 CVSS:5.5

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the iSCSI Target Service component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-29343 CVSS:7.8

Microsoft Windows SysInternals Sysmon could allow a local authenticated attacker to gain elevated privileges on the system. An authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.

CVE-2023-24940 CVSS:7.5

Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Pragmatic General Multicast (PGM) component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-24899 CVSS:7

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics component. By winning a race condition, an attacker could exploit this vulnerability to obtain limited SYSTEM privileges.

CVE-2023-24947 CVSS:8.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Bluetooth Driver component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-28251 CVSS:5.5

Microsoft Windows could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the Driver Revocation List component. An attacker could exploit this vulnerability to bypass the revocation list feature and obtain access.

CVE-2023-24903 CVSS:8.1

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Secure Socket Tunneling Protocol (SSTP) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-24898 CVSS:7.5

Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the SMB component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-24932 CVSS:7.2

Microsoft Windows could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the Secure Boot component. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain administrative access.

CVE-2023-24942 CVSS:7.5

Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Remote Procedure Call Runtime component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-29325 CVSS:8.1

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-28290 CVSS:5.5

Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Remote Desktop Protocol Client component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-24900 CVSS:5.9

Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the NTLM Security Support Provider component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-24941 CVSS:9.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Network File System component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-28283 CVSS:8.1

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Lightweight Directory Access Protocol (LDAP) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Privilege Escalation
  • Information Disclosure
  • Code Execution
  • Denial of Service
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2023-24904
  • CVE-2023-29324
  • CVE-2023-24949
  • CVE-2023-24944
  • CVE-2023-24905
  • CVE-2023-24902
  • CVE-2023-24946
  • CVE-2023-24943
  • CVE-2023-24945
  • CVE-2023-29343
  • CVE-2023-24940
  • CVE-2023-24899
  • CVE-2023-24947
  • CVE-2023-28251
  • CVE-2023-24903
  • CVE-2023-24898
  • CVE-2023-24932
  • CVE-2023-24942
  • CVE-2023-29325
  • CVE-2023-28290
  • CVE-2023-24900
  • CVE-2023-24941
  • CVE-2023-28283

Affected Vendors

Microsoft

Affected Products

  • Microsoft Windows Server for X64-based systems 2008 R2 SP1
  • Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
  • Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
  • Microsoft Windows Server for 32-bit systems 2008 SP2
  • Microsoft Windows 11 22H2 for ARM64-based Systems
  • Microsoft Windows 11 22H2 for x64-based Systems
  • Microsoft Windows 11 21H2 for ARM64-based Systems
  • Microsoft Windows 11 21H2 for x64-based Systems
  • Microsoft Windows Server 2019
  • Microsoft Windows 10 20H2 for 32-bit Systems
  • Microsoft Windows 10 20H2 for ARM64-based Systems
  • Microsoft Windows 10 20H2 for x64-based Systems
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
  • Microsoft Windows Sysmon

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2023-24904

CVE-2023-29324

CVE-2023-24949

CVE-2023-24944

CVE-2023-24905

CVE-2023-24902

CVE-2023-24881

CVE-2023-24946

CVE-2023-24943

CVE-2023-24945

CVE-2023-29343

CVE-2023-24940

CVE-2023-24899

CVE-2023-24947