
Microsoft Security Bulletin Coverage for May 2023

The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft's security advisories for May 2023. The issues reported, along with SonicWall coverage information, are listed below:

CVE-2023-24902 Win32k Elevation of Privilege Vulnerability
ASPY 443: Exploit-exe exe.MP_321

CVE-2023-24941 Windows Network File System Remote Code Execution Vulnerability
IPS 3768: Windows NFS Remote Code Execution (CVE-2023-24941)
IPS 3826: Windows NFS Remote Code Execution (CVE-2023-24941) 2
IPS 3836: Windows NFS Remote Code Execution (CVE-2023-24941) 3

CVE-2023-24949 Windows Kernel Elevation of Privilege Vulnerability
ASPY 444: Exploit-exe exe.MP_322

CVE-2023-24950 Microsoft SharePoint Server Spoofing Vulnerability
IPS 3769: Microsoft SharePoint Server Spoofing (CVE-2023-24950)

CVE-2023-29324 Windows MSHTML Platform Elevation of Privilege Vulnerability
IPS 15875: Windows MSHTML Platform Elevation of Privilege (CVE-2023-29324)

CVE-2023-29325 Windows OLE Remote Code Execution Vulnerability
ASPY 446: Malformed-rtf rtf.MP_33

CVE-2023-29336 Win32k Elevation of Privilege Vulnerability
ASPY 445: Exploit-exe exe.MP_323

The following vulnerabilities have no known exploits in the wild:
CVE-2023-24881 Microsoft Teams Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24898 Windows SMB Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-24899 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-24900 Windows NTLM Security Support Provider Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24901 Windows NFS Portmapper Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24903 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24904 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-24905 Remote Desktop Client Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24932 Secure Boot Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-24939 Server for NFS Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-24940 Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-24942 Remote Procedure Call Runtime Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-24943 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24944 Windows Bluetooth Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24945 Windows iSCSI Target Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24946 Windows Backup Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-24947 Windows Bluetooth Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24948 Windows Bluetooth Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-24953 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24954 Microsoft SharePoint Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24955 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28251 Windows Driver Revocation List Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28283 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28290 Remote Desktop Protocol Client Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-29333 Microsoft Access Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-29335 Microsoft Word Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-29338 Visual Studio Code Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-29340 AV1 Video Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-29341 AV1 Video Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-29343 SysInternals Sysmon for Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-29344 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.

Microsoft Security Bulletin Coverage for April 2023

The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft's security advisories for April 2023. The issues reported, along with SonicWall coverage information, are listed below:

CVE-2023-21554 Microsoft Message Queuing Remote Code Execution Vulnerability
IPS 3699: Microsoft Message Queuing RCE (CVE-2023-21554)

CVE-2023-24912 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 436: Exploit-exe exe.MP_315

CVE-2023-28218 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
ASPY 437: Exploit-exe exe.MP_316

CVE-2023-28219 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
IPS 3701: Windows L2TP Handling RCE (CVE-2023-28219)

CVE-2023-28220 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
IPS 18418: Windows L2TP Handling RCE (CVE-2023-28220)

CVE-2023-28266 Windows Common Log File System Driver Information Disclosure Vulnerability
ASPY 433: Exploit-exe exe.MP_313

CVE-2023-28274 Windows Win32k Elevation of Privilege Vulnerability
ASPY 434: Exploit-exe exe.MP_314

CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
This CVE has been used in ransomware attacks, which are covered by GAV:Nokoyawa.RSM

Adobe Coverage:
CVE-2023-26417 Acrobat Reader arbitrary code execution
ASPY 438: Malformed-pdf pdf.MP_509

CVE-2023-26406 Acrobat Reader security feature bypass
ASPY 435: Malicious-js js.MP_28

The following vulnerabilities have no known exploits in the wild:
CVE-2023-21727 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-21729 Remote Procedure Call Runtime Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-21769 Microsoft Message Queuing Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-23375 Microsoft SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23384 Microsoft SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24860 Microsoft Defender Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-24883 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24884 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24885 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24886 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24887 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24893 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24914 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-24924 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24925 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24926 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24927 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24928 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24929 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24931 Windows Secure Channel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28216 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28217 Windows Network Address Translation (NAT) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28221 Windows Error Reporting Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28222 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28223 Windows Domain Name Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28224 Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28225 Windows NTLM Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28226 Windows Enroll Engine Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28227 Windows Bluetooth Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28228 Windows Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-28229 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28232 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28233 Windows Secure Channel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28234 Windows Secure Channel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28235 Windows Lock Screen Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28236 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28237 Windows Kernel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28238 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28240 Windows Network Load Balancing Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28241 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28243 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28244 Windows Kerberos Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28246 Windows Registry Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28247 Windows Network File System Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28248 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28249 Windows Boot Manager Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28250 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28251 Windows Driver Revocation List Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28253 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28254 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28255 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28256 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28260 .NET DLL Hijacking Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28262 Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28263 Visual Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28267 Remote Desktop Protocol Client Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28268 Netlogon RPC Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28269 Windows Boot Manager Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28270 Windows Lock Screen Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28271 Windows Kernel Memory Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28272 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28273 Windows Clip Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28275 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28276 Windows Group Policy Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28277 Windows DNS Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28278 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28285 Microsoft Office Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28287 Microsoft Publisher Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28288 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-28291 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28292 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28293 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28295 Microsoft Publisher Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28296 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28297 Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28298 Windows Kernel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28299 Visual Studio Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-28300 Azure Service Connector Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28302 Microsoft Message Queuing Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28304 Microsoft SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28305 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28306 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28307 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28308 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28309 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2023-28311 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28312 Azure Machine Learning Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28313 Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2023-28314 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.
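The two bulletins above are published as plain text, and a defender who wants to reconcile them against a firewall's active signature set usually ends up scripting it. The following parser is an added example, not SonicWall tooling: it turns a coverage listing into structured entries, accepts both spacing variants of the signature line (`IPS : 3768 ...` and `IPS 3699: ...`), picks up a `GAV:` name embedded in a sentence, and flags any CVE that carries neither a signature nor the "no known exploits in the wild" statement. The sample input is a constructed excerpt of the listings above; the `Entry` class and the helper names are this example's own.

```python
"""Parse a SonicWall-style Microsoft bulletin coverage listing (added example).

Assumed input format, taken from the bulletin text above: a line beginning with
a CVE ID followed by its title opens an entry; the lines after it are either
signature lines (IPS/ASPY with a numeric ID and name, or a GAV:<name> reference
inside a sentence) or the sentence "There are no known exploits in the wild."
A blank line or the next CVE line closes the entry.
"""
import re
from dataclasses import dataclass, field

CVE_RE = re.compile(r"^(CVE-\d{4}-\d{4,})\s+(.+?)\s*$")
# Accepts "IPS : 3768 Name", "IPS 3699: Name" and "ASPY 438: Name".
SIG_RE = re.compile(r"^(IPS|ASPY)\s*:?\s*(\d+)\s*:?\s*(\S.*?)\s*$")
# GAV references appear mid-sentence ("... covered by GAV:Nokoyawa.RSM").
GAV_RE = re.compile(r"GAV:\s*(\S+)")
NO_ITW = "There are no known exploits in the wild."

# Constructed excerpt of the May and April 2023 listings above.
SAMPLE = """\
CVE-2023-24941 Windows Network File System Remote Code Execution Vulnerability
IPS : 3768 Windows NFS Remote Code Execution (CVE-2023-24941)
IPS : 3826 Windows NFS Remote Code Execution (CVE-2023-24941) 2

CVE-2023-29336 Win32k Elevation of Privilege Vulnerability
ASPY : 445 Exploit-exe exe.MP_323

CVE-2023-21554 Microsoft Message Queuing Remote Code Execution Vulnerability
IPS 3699: Microsoft Message Queuing RCE (CVE-2023-21554)

CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
This CVE is used in ransomware attacks which is covered by GAV:Nokoyawa.RSM

The following vulnerabilities do not have exploits in the wild :
CVE-2023-24881 Microsoft Teams Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24898 Windows SMB Denial of Service Vulnerability
There are no known exploits in the wild.
"""


@dataclass
class Entry:
    cve: str
    title: str
    # (engine, numeric ID or None for GAV, signature name)
    signatures: list = field(default_factory=list)
    no_known_exploits: bool = False


def parse_bulletin(text: str) -> list:
    """Return one Entry per CVE line, in document order."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # blank line closes the open entry
            continue
        m = CVE_RE.match(line)
        if m:
            current = Entry(cve=m.group(1), title=m.group(2))
            entries.append(current)
            continue
        if current is None:
            continue  # heading or prose outside any entry
        if line == NO_ITW:
            current.no_known_exploits = True
            continue
        m = SIG_RE.match(line)
        if m:
            current.signatures.append((m.group(1), m.group(2), m.group(3)))
            continue
        g = GAV_RE.search(line)
        if g:
            current.signatures.append(("GAV", None, g.group(1)))
    return entries


def coverage_summary(entries: list) -> dict:
    """Map each engine to the sorted signature IDs (or GAV names) it needs."""
    out = {}
    for e in entries:
        for engine, sig_id, name in e.signatures:
            out.setdefault(engine, set()).add(sig_id if sig_id else name)
    return {k: sorted(v) for k, v in out.items()}


def unclassified(entries: list) -> list:
    """CVEs that have neither a signature nor the no-known-exploits statement."""
    return [e.cve for e in entries if not e.signatures and not e.no_known_exploits]


def cves_for_signature(entries: list, engine: str, sig_id: str) -> list:
    """Reverse lookup: which CVEs does a given IPS/ASPY signature ID cover?"""
    return [e.cve for e in entries
            if any(en == engine and sid == sig_id for en, sid, _ in e.signatures)]


if __name__ == "__main__":
    parsed = parse_bulletin(SAMPLE)
    print(coverage_summary(parsed))
    print("unclassified:", unclassified(parsed))
```

Feed it the full text of a bulletin and diff `coverage_summary()` against the signature IDs your appliance reports as enabled; anything in `unclassified()` is a CVE the bulletin neither covers nor dismisses and deserves a manual look.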