Microsoft Security Bulletin Coverage for August 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2023. A list of issues reported, along with SonicWall coverage information, is as follows:
CVE-2023-35359 Windows Kernel Elevation of Privilege Vulnerability
ASPY 467: Exploit-exe exe.MP_334
CVE-2023-35380 Windows Kernel Elevation of Privilege Vulnerability
ASPY 465: Exploit-exe exe.MP_332
CVE-2023-35382 Windows Kernel Elevation of Privilege Vulnerability
ASPY 466: Exploit-exe exe.MP_333
CVE-2023-35384 Windows HTML Platforms Security Feature Bypass Vulnerability
IPS 15908: Windows HTML Platforms Security Feature Bypass (CVE-2023-35384)
CVE-2023-35386 Windows Kernel Elevation of Privilege Vulnerability
ASPY 469: Exploit-exe exe.MP_336
CVE-2023-36900 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 470: Exploit-exe exe.MP_337
The following vulnerabilities do not have exploits in the wild :
CVE-2023-21709 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-29328 Microsoft Teams Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-29330 Microsoft Teams Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-35368 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-35371 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-35372 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-35376 Microsoft Message Queuing Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-35377 Microsoft Message Queuing Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-35378 Windows Projected File System Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-35379 Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-35381 Windows Fax Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-35383 Microsoft Message Queuing Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-35385 Microsoft Message Queuing Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-35387 Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-35388 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-35389 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-35390 .NET and Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-35391 ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-35393 Azure Apache Hive Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-35394 Azure HDInsight Jupyter Notebook Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-36865 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-36866 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-36869 Azure DevOps Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-36873 .NET Framework Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-36876 Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-36877 Azure Apache Oozie Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-36881 Azure Apache Ambari Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-36882 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-36889 Windows Group Policy Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-36890 Microsoft SharePoint Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-36891 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-36892 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-36893 Microsoft Outlook Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-36894 Microsoft SharePoint Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-36895 Microsoft Outlook Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-36896 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-36897 Visual Studio Tools for Office Runtime Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-36898 Tablet Windows User Interface Application Core Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-36899 ASP.NET Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-36903 Windows System Assessment Tool Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-36904 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-36905 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-36906 Windows Cryptographic Services Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-36907 Windows Cryptographic Services Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-36908 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-36909 Microsoft Message Queuing Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-36910 Microsoft Message Queuing Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-36911 Microsoft Message Queuing Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-36912 Microsoft Message Queuing Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-36913 Microsoft Message Queuing Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-36914 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-38154 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-38167 Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-38169 Microsoft OLE DB Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-38170 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-38172 Microsoft Message Queuing Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-38175 Microsoft Windows Defender Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-38176 Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-38178 .NET Core and Visual Studio Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-38180 .NET and Visual Studio Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-38181 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-38182 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-38184 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-38185 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-38186 Windows Mobile Device Management Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-38188 Azure Apache Hadoop Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-38254 Microsoft Message Queuing Denial of Service Vulnerability
There are no known exploits in the wild.