All posts published by ISHACK AI BOT
-
Ubuntu: USN-6489-1 (CVE-2023-1672): Tang vulnerability
Ubuntu: USN-6489-1 (CVE-2023-1672): Tang vulnerability Severity 6 CVSS (AV:A/AC:M/Au:N/C:C/I:N/A:N) Published 07/11/2023 Created 11/22/2023 Added 11/21/2023 Modified 01/28/2025 Description A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host. Solution(s) ubuntu-pro-upgrade-tang ubuntu-pro-upgrade-tang-common References https://attackerkb.com/topics/cve-2023-1672 CVE - 2023-1672 USN-6489-1
-
Red Hat OpenShift: CVE-2023-29406: golang: net/http: insufficient sanitization of Host header
Red Hat OpenShift: CVE-2023-29406: golang: net/http: insufficient sanitization of Host header Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/11/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. Solution(s) linuxrpm-upgrade-openshift linuxrpm-upgrade-openshift-clients References https://attackerkb.com/topics/cve-2023-29406 CVE - 2023-29406 RHSA-2023:5530 RHSA-2023:5541 RHSA-2023:5721 RHSA-2023:5738 RHSA-2023:5933 RHSA-2023:5935 RHSA-2023:5947 RHSA-2023:5965 RHSA-2023:5974 RHSA-2023:5976 RHSA-2023:6031 RHSA-2023:6085 RHSA-2023:6115 RHSA-2023:6161 RHSA-2023:6296 RHSA-2023:6298 RHSA-2023:6346 RHSA-2023:6363 RHSA-2023:6402 RHSA-2023:6473 RHSA-2023:6474 RHSA-2023:6818 RHSA-2023:6840 RHSA-2023:6938 RHSA-2023:6939 RHSA-2023:7202 RHSA-2024:0293 RHSA-2024:1027 RHSA-2024:1383 RHSA-2024:1570
-
Microsoft Defender Elevation of Privilege Vulnerability (CVE-2023-33156)
Microsoft Defender Elevation of Privilege Vulnerability (CVE-2023-33156) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 01/28/2025 Description Microsoft Defender Elevation of Privilege Vulnerability Solution(s) windows-defender-upgrade-latest References https://attackerkb.com/topics/cve-2023-33156 CVE - 2023-33156 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33156
-
APSB23-40: Security updates available for Adobe ColdFusion | APSB23-40 (CVE-2023-29300)
APSB23-40: Security updates available for Adobe ColdFusion | APSB23-40 (CVE-2023-29300) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/12/2023 Modified 01/28/2025 Description Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. Solution(s) adobe-coldfusion-2018-release-update-17 adobe-coldfusion-2021-release-update-7 adobe-coldfusion-2023-release-update-1 References https://attackerkb.com/topics/cve-2023-29300 CVE - 2023-29300 https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html
-
CentOS Linux: CVE-2023-1672: Moderate: tang security update (Multiple Advisories)
CentOS Linux: CVE-2023-1672: Moderate: tang security update (Multiple Advisories) Severity 6 CVSS (AV:A/AC:M/Au:N/C:C/I:N/A:N) Published 07/11/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host. Solution(s) centos-upgrade-tang centos-upgrade-tang-debuginfo centos-upgrade-tang-debugsource References CVE-2023-1672
-
Oracle Linux: CVE-2023-3600: ELSA-2023-5434: firefox security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-3600: ELSA-2023-5434: firefox security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/11/2023 Created 10/06/2023 Added 10/05/2023 Modified 01/07/2025 Description During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1. The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-3600 CVE - 2023-3600 ELSA-2023-5434 ELSA-2023-5433 ELSA-2023-5435 ELSA-2023-5475 ELSA-2023-5477 ELSA-2023-5428
-
Microsoft SharePoint: CVE-2023-33157: Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft SharePoint: CVE-2023-33157: Microsoft SharePoint Remote Code Execution Vulnerability Severity 4 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 01/14/2025 Description Microsoft SharePoint Remote Code Execution Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2016-kb5002425 microsoft-sharepoint-sharepoint_2019-kb5002423 microsoft-sharepoint-sharepoint_server_subscription_edition-kb5002424 References https://attackerkb.com/topics/cve-2023-33157 CVE - 2023-33157 https://support.microsoft.com/help/5002423 https://support.microsoft.com/help/5002424 https://support.microsoft.com/help/5002425
-
Microsoft SharePoint: CVE-2023-33159: Microsoft SharePoint Server Spoofing Vulnerability
Microsoft SharePoint: CVE-2023-33159: Microsoft SharePoint Server Spoofing Vulnerability Severity 4 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 01/14/2025 Description Microsoft SharePoint Server Spoofing Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2016-kb5002425 microsoft-sharepoint-sharepoint_2019-kb5002423 microsoft-sharepoint-sharepoint_server_subscription_edition-kb5002424 References https://attackerkb.com/topics/cve-2023-33159 CVE - 2023-33159 https://support.microsoft.com/help/5002423 https://support.microsoft.com/help/5002424 https://support.microsoft.com/help/5002425
-
Microsoft SharePoint: CVE-2023-33165: Microsoft SharePoint Server Security Feature Bypass Vulnerability
Microsoft SharePoint: CVE-2023-33165: Microsoft SharePoint Server Security Feature Bypass Vulnerability Severity 4 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 01/14/2025 Description Microsoft SharePoint Server Security Feature Bypass Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2019-kb5002423 microsoft-sharepoint-sharepoint_server_subscription_edition-kb5002424 References https://attackerkb.com/topics/cve-2023-33165 CVE - 2023-33165 https://support.microsoft.com/help/5002423 https://support.microsoft.com/help/5002424
-
Microsoft Windows: CVE-2023-35364: Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-35364: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 08/07/2024 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5028168 microsoft-windows-windows_10-21h2-kb5028166 microsoft-windows-windows_10-22h2-kb5028166 microsoft-windows-windows_11-21h2-kb5028182 microsoft-windows-windows_11-22h2-kb5028185 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 References https://attackerkb.com/topics/cve-2023-35364 CVE - 2023-35364 https://support.microsoft.com/help/5028166 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028182 https://support.microsoft.com/help/5028185
-
Alma Linux: CVE-2023-33170: Important: .NET 7.0 security, bug fix, and enhancement update (Multiple Advisories)
Alma Linux: CVE-2023-33170: Important: .NET 7.0 security, bug fix, and enhancement update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/11/2023 Created 07/14/2023 Added 07/14/2023 Modified 01/28/2025 Description ASP.NET and Visual Studio Security Feature Bypass Vulnerability Solution(s) alma-upgrade-aspnetcore-runtime-6.0 alma-upgrade-aspnetcore-runtime-7.0 alma-upgrade-aspnetcore-targeting-pack-6.0 alma-upgrade-aspnetcore-targeting-pack-7.0 alma-upgrade-dotnet alma-upgrade-dotnet-apphost-pack-6.0 alma-upgrade-dotnet-apphost-pack-7.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-6.0 alma-upgrade-dotnet-hostfxr-7.0 alma-upgrade-dotnet-runtime-6.0 alma-upgrade-dotnet-runtime-7.0 alma-upgrade-dotnet-sdk-6.0 alma-upgrade-dotnet-sdk-6.0-source-built-artifacts alma-upgrade-dotnet-sdk-7.0 alma-upgrade-dotnet-sdk-7.0-source-built-artifacts alma-upgrade-dotnet-targeting-pack-6.0 alma-upgrade-dotnet-targeting-pack-7.0 alma-upgrade-dotnet-templates-6.0 alma-upgrade-dotnet-templates-7.0 alma-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2023-33170 CVE - 2023-33170 https://errata.almalinux.org/8/ALSA-2023-4058.html https://errata.almalinux.org/8/ALSA-2023-4059.html https://errata.almalinux.org/9/ALSA-2023-4057.html https://errata.almalinux.org/9/ALSA-2023-4060.html
-
Debian: CVE-2022-48521: opendkim -- security update
Debian: CVE-2022-48521: opendkim -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 07/11/2023 Created 12/12/2023 Added 12/11/2023 Modified 01/28/2025 Description An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none. Solution(s) debian-upgrade-opendkim References https://attackerkb.com/topics/cve-2022-48521 CVE - 2022-48521 DLA-3680-1
-
Debian: CVE-2023-1672: tang -- security update
Debian: CVE-2023-1672: tang -- security update Severity 6 CVSS (AV:A/AC:M/Au:N/C:C/I:N/A:N) Published 07/11/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host. Solution(s) debian-upgrade-tang References https://attackerkb.com/topics/cve-2023-1672 CVE - 2023-1672 DLA-3648-1
-
Aruba AOS-10: CVE-2023-35975: Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.
Aruba AOS-10: CVE-2023-35975: Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion. Severity 8 CVSS (AV:N/AC:L/Au:M/C:N/I:C/A:C) Published 07/11/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. Solution(s) aruba-aos-10-cve-2023-35975 References https://attackerkb.com/topics/cve-2023-35975 CVE - 2023-35975 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-008.json
-
Fortinet FortiOS: Insufficient Session Expiration (CVE-2023-28001)
Fortinet FortiOS: Insufficient Session Expiration (CVE-2023-28001) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/11/2023 Created 07/20/2023 Added 07/20/2023 Modified 01/28/2025 Description An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API. Solution(s) fortios-upgrade-latest References https://attackerkb.com/topics/cve-2023-28001 CVE - 2023-28001 https://fortiguard.com/psirt/FG-IR-23-028
-
Fortinet FortiManager: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2023-25606)
Fortinet FortiManager: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2023-25606) Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 07/11/2023 Created 07/28/2023 Added 07/27/2023 Modified 01/30/2025 Description An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. Solution(s) fortinet-fortimanager-upgrade-6_4_11 fortinet-fortimanager-upgrade-6_4_12 fortinet-fortimanager-upgrade-7_0_5 fortinet-fortimanager-upgrade-7_0_7 fortinet-fortimanager-upgrade-7_2_1 fortinet-fortimanager-upgrade-7_2_2 References https://attackerkb.com/topics/cve-2023-25606 CVE - 2023-25606 https://fortiguard.com/psirt/FG-IR-22-471
-
Microsoft Windows: CVE-2023-35325: Windows Print Spooler Information Disclosure Vulnerability
Microsoft Windows: CVE-2023-35325: Windows Print Spooler Information Disclosure Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 09/06/2024 Description Windows Print Spooler Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5028186 microsoft-windows-windows_10-1607-kb5028169 microsoft-windows-windows_10-1809-kb5028168 microsoft-windows-windows_10-21h2-kb5028166 microsoft-windows-windows_10-22h2-kb5028166 microsoft-windows-windows_11-21h2-kb5028182 microsoft-windows-windows_11-22h2-kb5028185 microsoft-windows-windows_server_2012-kb5028233 microsoft-windows-windows_server_2012_r2-kb5028223 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 References https://attackerkb.com/topics/cve-2023-35325 CVE - 2023-35325 https://support.microsoft.com/help/5028166 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028182 https://support.microsoft.com/help/5028185 https://support.microsoft.com/help/5028186 https://support.microsoft.com/help/5028223 https://support.microsoft.com/help/5028228 https://support.microsoft.com/help/5028233
-
Microsoft Office: CVE-2023-33152: Microsoft ActiveX Remote Code Execution Vulnerability
Microsoft Office: CVE-2023-33152: Microsoft ActiveX Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 01/28/2025 Description Microsoft ActiveX Remote Code Execution Vulnerability Solution(s) microsoft-office_2016-kb5002058 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-33152 CVE - 2023-33152 https://support.microsoft.com/help/5002058
-
Rocky Linux: CVE-2023-33170: .NET-6.0 (Multiple Advisories)
Rocky Linux: CVE-2023-33170: .NET-6.0 (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/11/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description ASP.NET and Visual Studio Security Feature Bypass Vulnerability Solution(s) rocky-upgrade-aspnetcore-runtime-6.0 rocky-upgrade-aspnetcore-runtime-7.0 rocky-upgrade-aspnetcore-targeting-pack-6.0 rocky-upgrade-aspnetcore-targeting-pack-7.0 rocky-upgrade-dotnet rocky-upgrade-dotnet-apphost-pack-6.0 rocky-upgrade-dotnet-apphost-pack-6.0-debuginfo rocky-upgrade-dotnet-apphost-pack-7.0 rocky-upgrade-dotnet-apphost-pack-7.0-debuginfo rocky-upgrade-dotnet-host rocky-upgrade-dotnet-host-debuginfo rocky-upgrade-dotnet-hostfxr-6.0 rocky-upgrade-dotnet-hostfxr-6.0-debuginfo rocky-upgrade-dotnet-hostfxr-7.0 rocky-upgrade-dotnet-hostfxr-7.0-debuginfo rocky-upgrade-dotnet-runtime-6.0 rocky-upgrade-dotnet-runtime-6.0-debuginfo rocky-upgrade-dotnet-runtime-7.0 rocky-upgrade-dotnet-runtime-7.0-debuginfo rocky-upgrade-dotnet-sdk-6.0 rocky-upgrade-dotnet-sdk-6.0-debuginfo rocky-upgrade-dotnet-sdk-6.0-source-built-artifacts rocky-upgrade-dotnet-sdk-7.0 rocky-upgrade-dotnet-sdk-7.0-debuginfo rocky-upgrade-dotnet-sdk-7.0-source-built-artifacts rocky-upgrade-dotnet-targeting-pack-6.0 rocky-upgrade-dotnet-targeting-pack-7.0 rocky-upgrade-dotnet-templates-6.0 rocky-upgrade-dotnet-templates-7.0 rocky-upgrade-dotnet6.0-debuginfo rocky-upgrade-dotnet7.0-debuginfo rocky-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2023-33170 CVE - 2023-33170 https://errata.rockylinux.org/RLSA-2023:4058 https://errata.rockylinux.org/RLSA-2023:4059
-
Oracle Linux: CVE-2023-29406: ELSA-2023-6938: container-tools:4.0 security and bug fix update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2023-29406: ELSA-2023-6938: container-tools:4.0 security and bug fix update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/11/2023 Created 11/18/2023 Added 11/16/2023 Modified 01/07/2025 Description The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking. Solution(s) oracle-linux-upgrade-aardvark-dns oracle-linux-upgrade-buildah oracle-linux-upgrade-buildah-tests oracle-linux-upgrade-cockpit-podman oracle-linux-upgrade-conmon oracle-linux-upgrade-containernetworking-plugins oracle-linux-upgrade-containers-common oracle-linux-upgrade-container-selinux oracle-linux-upgrade-crit oracle-linux-upgrade-criu oracle-linux-upgrade-criu-devel oracle-linux-upgrade-criu-libs oracle-linux-upgrade-crun oracle-linux-upgrade-fuse-overlayfs oracle-linux-upgrade-libslirp oracle-linux-upgrade-libslirp-devel oracle-linux-upgrade-netavark oracle-linux-upgrade-oci-seccomp-bpf-hook oracle-linux-upgrade-podman oracle-linux-upgrade-podman-catatonit oracle-linux-upgrade-podman-docker oracle-linux-upgrade-podman-gvproxy oracle-linux-upgrade-podman-plugins oracle-linux-upgrade-podman-remote oracle-linux-upgrade-podman-tests oracle-linux-upgrade-python3-criu oracle-linux-upgrade-python3-podman oracle-linux-upgrade-runc oracle-linux-upgrade-skopeo oracle-linux-upgrade-skopeo-tests oracle-linux-upgrade-slirp4netns oracle-linux-upgrade-udica References https://attackerkb.com/topics/cve-2023-29406 CVE - 2023-29406 ELSA-2023-6938 ELSA-2023-7202 ELSA-2023-6402 ELSA-2023-6474 ELSA-2023-6473 ELSA-2023-6939 ELSA-2023-6363
-
Aruba AOS-8: CVE-2023-35975: Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.
Aruba AOS-8: CVE-2023-35975: Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion. Severity 8 CVSS (AV:N/AC:L/Au:M/C:N/I:C/A:C) Published 07/11/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. Solution(s) aruba-aos-8-cve-2023-35975 References https://attackerkb.com/topics/cve-2023-35975 CVE - 2023-35975 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-008.json
-
Aruba AOS-8: CVE-2023-35972: Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
Aruba AOS-8: CVE-2023-35972: Authenticated Remote Command Execution in ArubaOS Web-based Management Interface Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 07/11/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. Solution(s) aruba-aos-8-cve-2023-35972 References https://attackerkb.com/topics/cve-2023-35972 CVE - 2023-35972 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-008.json
-
Aruba AOS-8: CVE-2023-35976: Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface
Aruba AOS-8: CVE-2023-35976: Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 07/11/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level. Solution(s) aruba-aos-8-cve-2023-35976 References https://attackerkb.com/topics/cve-2023-35976 CVE - 2023-35976 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-008.json
-
Microsoft Windows: CVE-2023-35298: HTTP.sys Denial of Service Vulnerability
Microsoft Windows: CVE-2023-35298: HTTP.sys Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 07/22/2024 Description HTTP.sys Denial of Service Vulnerability Solution(s) microsoft-windows-windows_11-21h2-kb5028182 microsoft-windows-windows_11-22h2-kb5028185 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 References https://attackerkb.com/topics/cve-2023-35298 CVE - 2023-35298 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028182 https://support.microsoft.com/help/5028185
-
Microsoft Windows: CVE-2023-32046: Windows MSHTML Platform Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-32046: Windows MSHTML Platform Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 09/06/2024 Description Windows MSHTML Platform Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5028186 microsoft-windows-windows_10-1607-kb5028169 microsoft-windows-windows_10-1809-kb5028168 microsoft-windows-windows_10-21h2-kb5028166 microsoft-windows-windows_10-22h2-kb5028166 microsoft-windows-windows_11-21h2-kb5028182 microsoft-windows-windows_11-22h2-kb5028185 microsoft-windows-windows_server_2012-kb5028167 microsoft-windows-windows_server_2012-kb5028233 microsoft-windows-windows_server_2012_r2-kb5028167 microsoft-windows-windows_server_2012_r2-kb5028223 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 msft-kb5028167-0ccdf8c5-5419-4b45-a732-93b39b6d2bc3 msft-kb5028167-8d577a16-3d5a-4033-9484-5ee81b5c86c7 msft-kb5028167-9c521f49-0e02-4c3d-8b04-db6e6013a7bd msft-kb5028224-2e96cc2b-4c83-488b-8b9c-70778b8aa096 msft-kb5028226-2415aca4-06a8-45b8-86b5-471621f88a0c msft-kb5028226-9c685f84-7c63-490f-898f-767be90fb40c References https://attackerkb.com/topics/cve-2023-32046 CVE - 2023-32046 https://support.microsoft.com/help/5028166 https://support.microsoft.com/help/5028167 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028182 https://support.microsoft.com/help/5028185 https://support.microsoft.com/help/5028186 https://support.microsoft.com/help/5028223 https://support.microsoft.com/help/5028228 https://support.microsoft.com/help/5028233