Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Microsoft Azure Vulnerabilities
September 13, 2023
Rewterz
Rewterz Threat Advisory – CVE-2023-36766 – Microsoft Excel Vulnerability
September 13, 2023

Rewterz Threat Advisory – Multiple Microsoft Visual Studio Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-36793 CVSS: 7.8

Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-36759 CVSS: 6.7

Microsoft Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain SYSTEM privileges.

CVE-2023-36742 CVSS: 7.8

Microsoft Visual Studio Code could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-36796 CVSS: 7.8

Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to execute a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-36794 CVSS: 7.8

Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-36758 CVSS: 7.8

Microsoft Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain SYSTEM privileges.

CVE-2023-36792 CVSS: 7.8

Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Code Execution
  • Privilege Escalation

Indicators Of Compromise

CVE

  • CVE-2023-36793
  • CVE-2023-36759
  • CVE-2023-36742
  • CVE-2023-36796
  • CVE-2023-36794
  • CVE-2023-36758
  • CVE-2023-36792

Affected Vendors

Microsoft

Affected Products

  • Microsoft Visual Studio Code
  • Microsoft Visual Studio 2022 17.6
  • Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems (Server Core installation) SP1
  • Microsoft .NET Framework 4.8 on Windows Server 2012
  • Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)
  • Microsoft Visual Studio 2019 16.11
  • Microsoft Visual Studio 2017 15.9
  • Microsoft .NET 6.0
  • Microsoft Visual Studio 2022 17.2
  • Microsoft .NET 7.0
  • Microsoft Visual Studio 2022 17.4
  • Microsoft Visual Studio 2015 Update 3
  • Microsoft Visual Studio 2022 17.7
  • Microsoft Visual Studio 2013 Update

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2023-36793

CVE-2023-36759

CVE-2023-36742

CVE-2023-36796

CVE-2023-36794

CVE-2023-36758

CVE-2023-36792