

Rewterz Threat Advisory – CVE-2023-24892 – CVE-2023-23384 – Microsoft SQL Server Vulnerability
March 16, 2023
Rewterz Threat Advisory – CVE-2023-23397 – Microsoft Outlook Vulnerability
March 16, 2023
Severity
High
Analysis Summary
CVE-2023-24859 CVSS:7.5
Microsoft Excel is vulnerable to a denial of service, caused by a flaw in the Internet Key Exchange (IKE) Extension. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-23399 CVSS:7.8
Microsoft Excel could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23398 CVSS:7.1
Microsoft Excel could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass security features, impacting confidentiality, integrity and availability.
CVE-2023-23396 CVSS:5.5
Microsoft Excel is vulnerable to a denial of service. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Code Execution
- Denial of Service
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-24859
- CVE-2023-23399
- CVE-2023-23398
- CVE-2023-23396
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2012
- Microsoft Windows Server 2016
- Microsoft Windows Server version 20H2
- Microsoft Windows 10 20H2 for 32-bit Systems
- Microsoft Windows 10 20H2 for ARM64-based Systems
- Microsoft Windows Server (Server Core installation) 2012 R2
- Microsoft Windows Server (Server Core installation) 2016
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems 2008 SP2
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
- Microsoft Windows 10 21H1 for 32-bit Systems
- Microsoft Windows 10 21H1 for ARM64-based Systems
- Microsoft Windows 10 21H1 for x64-based Systems
- Microsoft Windows Server for X64-based systems 2008 SP2
- Microsoft Windows 10 21H2 for 32-bit Systems
- Microsoft Windows 10 21H2 for ARM64-based Systems
- Microsoft Office Online Server
- Microsoft Office 2019 x32
- Microsoft Office 2019 x64
- Microsoft Office 2019 Mac
- Microsoft SharePoint Server 2019
- Microsoft 365 Apps for Enterprise x32
- Microsoft 365 Apps for Enterprise x64
- Microsoft Office LTSC 2021 x32
- Microsoft Office LTSC 2021 x64
- Microsoft Office LTSC for Mac 2021
- Microsoft Windows Server (Server Core installation) 20H2
- Microsoft Excel 2013 SP1 x32
- Microsoft Excel 2013 SP1 x64
- Microsoft Excel 2013 SP1 RT
- Microsoft Excel 2016 x32
- Microsoft Excel 2016 x64
- Microsoft Excel 2016 Click-to-Run x32
- Microsoft Excel 2016 Click-to-Run x64
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or use the Microsoft Security Update Guide to search for available patches.