Adrian Borlea
Security Alert
Vulnerability Assessment

Microsoft released its monthly security updates on October 10, 2023. The updates fixed three zero-day vulnerabilities that were known to be exploited in the wild. Of the 104 CVEs addressed, 12 are rated as Critical while almost half of them are related to remote code execution risks.


Let’s take a closer look at the most interesting updates for this month.


Notable Critical Microsoft Vulnerabilities


⭕ Critical | Layer 2 Tunneling Protocol Remote Code Execution Vulnerabilities

⭕ Critical | Microsoft Message Queuing Remote Code Execution Vulnerabilities

  • CVE-2023-35349 and CVE-2023-36697 are Remote Code Execution (RCE) vulnerabilities targeting Message Queuing (MSMQ), a protocol developed by Microsoft to ensure reliable communication between computers across different networks. Successful exploitation may allow an attacker to perform remote code execution on the target server.


October's Patch Tuesday Addressing Zero-day Flaws


HTTP/2 ‘Reset Flood’ Denial of Service

  • CVE-2023-44487 is an HTTP/2 vulnerability that could allow an unauthenticated attacker to initiate a denial of service attack against HTTP/2 servers. This issue was actively exploited in August 2023 in a series of DDoS attacks reported by Cloudflare. It is not strictly related to Microsoft products, but patches were released for Windows servers. Microsoft has also given a workaround to mitigate the vulnerability.
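For defenders triaging CVE-2023-44487, this added example (not from the original article or from Microsoft) shows one way to recognise the reset-flood pattern in a buffer of decrypted client-to-server HTTP/2 frames: many streams opened with HEADERS and nearly all of them cancelled with RST_STREAM. The function names, the thresholds and the sample buffers are assumptions constructed for illustration, and the buffer is assumed to start after the connection preface.

```python
HEADERS, RST_STREAM = 0x1, 0x3  # HTTP/2 frame type codes (RFC 9113)

def parse_frames(buf):
    """Yield (type, flags, stream_id, payload) for each complete frame in buf."""
    off = 0
    while off + 9 <= len(buf):                      # 9-byte frame header
        length = int.from_bytes(buf[off:off + 3], "big")
        ftype, flags = buf[off + 3], buf[off + 4]
        stream_id = int.from_bytes(buf[off + 5:off + 9], "big") & 0x7FFFFFFF
        if off + 9 + length > len(buf):
            break                                   # truncated capture: stop cleanly
        yield ftype, flags, stream_id, buf[off + 9:off + 9 + length]
        off += 9 + length

def reset_stats(buf):
    """Return (streams opened by the client, streams the client then reset)."""
    opened, reset = set(), set()
    for ftype, _flags, sid, _payload in parse_frames(buf):
        if ftype == HEADERS and sid % 2 == 1:       # client-initiated streams are odd
            opened.add(sid)
        elif ftype == RST_STREAM and sid in opened:
            reset.add(sid)
    return len(opened), len(reset)

def looks_like_reset_flood(buf, min_streams=100, ratio=0.9):
    """Flag a connection where almost every opened stream was cancelled.
    min_streams and ratio are hypothetical starting points; tune per service."""
    opened, reset = reset_stats(buf)
    return opened > 0 and opened >= min_streams and reset / opened >= ratio

def make_frame(ftype, sid, payload=b"", flags=0):
    """Build one frame for the constructed samples below."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + sid.to_bytes(4, "big") + payload)

CANCEL = (8).to_bytes(4, "big")                     # RST_STREAM error code CANCEL
# Constructed sample: 200 streams, each reset right after it is opened.
SAMPLE_FLOOD = b"".join(
    make_frame(HEADERS, sid, b"\x82", 0x5) + make_frame(RST_STREAM, sid, CANCEL)
    for sid in range(1, 401, 2))
# Constructed sample: 120 ordinary requests, 3 of them cancelled by the client.
SAMPLE_NORMAL = (
    b"".join(make_frame(HEADERS, sid, b"\x82", 0x5) for sid in range(1, 241, 2))
    + b"".join(make_frame(RST_STREAM, sid, CANCEL) for sid in (1, 3, 5)))

if __name__ == "__main__":
    for name, buf in (("flood", SAMPLE_FLOOD), ("normal", SAMPLE_NORMAL)):
        print(name, reset_stats(buf), looks_like_reset_flood(buf))
```

The same counting applies per connection to frame logs from a reverse proxy or load balancer that terminates HTTP/2.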


Microsoft WordPad Information Disclosure Vulnerability

  • CVE-2023-36563 is an information disclosure vulnerability in WordPad that could allow remote code execution and disclosure of NTLM password hashes. An attacker must log on to the system and run a specially crafted application to exploit the vulnerability. An attacker must also convince a user to click a malicious link and open the specially crafted file. This is the third WordPad vulnerability exploited in 2023 for NTLM hash theft.
CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog and asked users to patch it before October 31, 2023.


Skype for Business Elevation of Privilege Vulnerability

  • CVE-2023-41763 is an Elevation of Privilege vulnerability identified in Skype for Business servers. Microsoft has fixed this vulnerability, which has been actively exploited. An attacker could exploit this vulnerability by sending a specially crafted network call to the target server. Successful exploitation may allow an attacker to parse an HTTP request to an arbitrary address that may disclose IP addresses, ports and other sensitive information to the attacker.

Runecast covers all 81 of the vulnerabilities that affect Windows operating systems, all mentioned below:

  • CVE-2023-36722: Active Directory Domain Services Information Disclosure Vulnerability
  • CVE-2023-41766: Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
  • CVE-2023-44487: MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack
  • CVE-2023-36594: Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2023-38159: Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2023-38171: Microsoft QUIC Denial of Service Vulnerability
  • CVE-2023-36435: Microsoft QUIC Denial of Service Vulnerability
  • CVE-2023-36577: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
  • CVE-2023-36710: Windows Media Foundation Core Remote Code Execution Vulnerability
  • CVE-2023-36564: Windows Search Security Feature Bypass Vulnerability
  • CVE-2023-36563: Microsoft WordPad Information Disclosure Vulnerability
  • CVE-2023-36598: Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
  • CVE-2023-36585: Active Template Library Denial of Service Vulnerability
  • CVE-2023-36709: Microsoft AllJoyn API Denial of Service Vulnerability
  • CVE-2023-36902: Windows Runtime Remote Code Execution Vulnerability
  • CVE-2023-36713: Windows Common Log File System Driver Information Disclosure Vulnerability
  • CVE-2023-36723: Windows Container Manager Service Elevation of Privilege Vulnerability
  • CVE-2023-36707: Windows Deployment Services Denial of Service Vulnerability
  • CVE-2023-36567: Windows Deployment Services Information Disclosure Vulnerability
  • CVE-2023-36706: Windows Deployment Services Information Disclosure Vulnerability
  • CVE-2023-36703: DHCP Server Service Denial of Service Vulnerability
  • CVE-2023-36721: Windows Error Reporting Service Elevation of Privilege Vulnerability
  • CVE-2023-36436: Windows MSHTML Platform Remote Code Execution Vulnerability
  • CVE-2023-36557: PrintHTML API Remote Code Execution Vulnerability
  • CVE-2023-36434: Windows IIS Server Elevation of Privilege Vulnerability
  • CVE-2023-36726: Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability
  • CVE-2023-36576: Windows Kernel Information Disclosure Vulnerability
  • CVE-2023-36712: Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2023-36698: Windows Kernel Security Feature Bypass Vulnerability
  • CVE-2023-41770: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
  • CVE-2023-41765: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
  • CVE-2023-41767: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
  • CVE-2023-38166: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
  • CVE-2023-41774: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
  • CVE-2023-41773: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
  • CVE-2023-41771: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
  • CVE-2023-41769: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
  • CVE-2023-41768: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
  • CVE-2023-36584: Windows Mark of the Web Security Feature Bypass Vulnerability
  • CVE-2023-36571: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36570: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36431: Microsoft Message Queuing Denial of Service Vulnerability
  • CVE-2023-35349: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36591: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36590: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36589: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36583: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36592: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36697: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36606: Microsoft Message Queuing Denial of Service Vulnerability
  • CVE-2023-36593: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36582: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36574: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36575: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36573: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36572: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36581: Microsoft Message Queuing Denial of Service Vulnerability
  • CVE-2023-36579: Microsoft Message Queuing Denial of Service Vulnerability
  • CVE-2023-36578: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-36702: Microsoft DirectMusic Remote Code Execution Vulnerability
  • CVE-2023-36720: Windows Mixed Reality Developer Tools Denial of Service Vulnerability
  • CVE-2023-36729: Named Pipe File System Elevation of Privilege Vulnerability
  • CVE-2023-36605: Windows Named Pipe Filesystem Elevation of Privilege Vulnerability
  • CVE-2023-36725: Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2023-36724: Windows Power Management Service Information Disclosure Vulnerability
  • CVE-2023-36790: Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability
  • CVE-2023-29348: Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability
  • CVE-2023-36596: Remote Procedure Call Information Disclosure Vulnerability
  • CVE-2023-36701: Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability
  • CVE-2023-36711: Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
  • CVE-2023-36704: Windows Setup Files Cleanup Remote Code Execution Vulnerability
  • CVE-2023-36438: Windows TCP/IP Information Disclosure Vulnerability
  • CVE-2023-36603: Windows TCP/IP Denial of Service Vulnerability
  • CVE-2023-36602: Windows TCP/IP Denial of Service Vulnerability
  • CVE-2023-36717: Windows Virtual Trusted Platform Module Denial of Service Vulnerability
  • CVE-2023-36718: Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
  • CVE-2023-36731: Win32k Elevation of Privilege Vulnerability
  • CVE-2023-36732: Win32k Elevation of Privilege Vulnerability
  • CVE-2023-36776: Win32k Elevation of Privilege Vulnerability
  • CVE-2023-36743: Win32k Elevation of Privilege Vulnerability
  • CVE-2023-41772: Win32k Elevation of Privilege Vulnerability

Runecast protects you against all of these vulnerabilities

At Runecast we ensure that all OS vulnerabilities are covered, so you can focus on mitigating threats and ensuring your system is running safe and secure. We keep you updated about the latest vulnerabilities, exploits and security compliance research and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.

Runecast is an AI-powered platform that gives you complete visibility and proactive control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, and security and continuous compliance audits to ensure that every aspect of your environment is protected.

Additionally, Runecast provides explicit instructions and generates custom remediation scripts, to help IT teams maintain continuous compliance within the environment. The Runecast platform can be deployed to AWS, Azure, Kubernetes, and VMware environments and can operate entirely on-premises or via our new SaaS offering.
