Multiple vulnerabilities in Microsoft Windows Kernel



Published: 2023-09-12
Risk Low
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2023-38150
CVE-2023-36803
CVE-2023-38139
CVE-2023-38140
CVE-2023-38141
CVE-2023-38142
CWE-ID CWE-264
CWE-200
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Windows
Operating systems & Components / Operating system

Windows Server
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU80661

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-38150

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Kernel, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 - 11 22H2

CPE2.3 External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38150


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Information disclosure

EUVDB-ID: #VU80666

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-36803

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Kernel. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 - 11 22H2

Windows Server: 2016 - 2022 20H2

CPE2.3 External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36803


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU80665

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-38139

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Kernel, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 - 11 22H2

Windows Server: 2008 - 2022 20H2

CPE2.3 External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38139


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Information disclosure

EUVDB-ID: #VU80664

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-38140

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Kernel. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 - 11 22H2

Windows Server: 2016 - 2022 20H2

CPE2.3 External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38140


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU80663

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-38141

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Kernel, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 - 11 22H2

Windows Server: 2008 - 2022 20H2

CPE2.3 External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38141


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU80662

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-38142

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Kernel, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 - 11 22H2

Windows Server: 2008 - 2022 20H2

CPE2.3 External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38142


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###