Today’s Microsoft Security Update addressed 130 vulnerabilities, including 9 that are rated as Critical. This is double the number fixed from last month, June 2023.
Microsoft included two security advisories this month, ADV230001 and ADV230002.
The ADV230001 security advisory addresses some drivers that were certified by the Microsoft’s Windows Hardware Developer Program (MWHDP) that have been used maliciously in post-exploitation activities. Microsoft has suspended the developer accounts related to the affected drivers, marked the drivers as untrusted and revoked the affected driver signing certificates.
Multiple vulnerabilities included in this month's Patch Tuesday are currently being exploited in the wild including one which does not currently have a patch, CVE-2023-36884.
- CVE-2023-32046 requires a specially crafted file to exploit this vulnerability and would grant the attacker the same privileges as the user that executed it.
- CVE-2023-32049 could allow attackers to use this vulnerability to bypass the Open File - Security Warning prompt. User interaction is required for this attack as an attacker would be required to convince a user to click on a malicious URL.
- CVE-2023-36874 is a vulnerability that can be leveraged by an attacker to escalate privileges to that of an administrator.
- CVE-2023-36884 Microsoft is aware of targeted attacks attempting to exploit this vulnerability via a crafted Microsoft Office document to achieve remote code execution. However, for the attack to be successful the attacker would have to trick the victim into opening the malicious file. While this vulnerability does not currently have a patch, Microsoft has provided multiple mitigations until a patch is available. More information on the mitigations can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884.
- CVE-2023-35311 is a vulnerability that would allow an attacker to bypass the Microsoft Outlook Security Notice prompt, but does require user interaction to be compromised by the attacker.
Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.24.0 and Agent 1.62.0 releases.
CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
CVE-2023-21756 | Windows Win32k Elevation of Privilege Vulnerability | Microsoft Graphics Component | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-33148 | Microsoft Office Elevation of Privilege Vulnerability | Microsoft Office | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-33149 | Microsoft Office Graphics Remote Code Execution Vulnerability | Microsoft Graphics Component | Important | 7.8 | Remote Code Execution | No | No |
CVE-2023-33150 | Microsoft Office Security Feature Bypass Vulnerability | Microsoft Office | Important | 9.6 | Security Feature Bypass | No | No |
CVE-2023-33151 | Microsoft Outlook Spoofing Vulnerability | Microsoft Office Outlook | Important | 6.5 | Spoofing | No | No |
CVE-2023-33152 | Microsoft ActiveX Remote Code Execution Vulnerability | Microsoft Office Access | Important | 7 | Remote Code Execution | No | No |
CVE-2023-33153 | Microsoft Outlook Remote Code Execution Vulnerability | Microsoft Office Outlook | Important | 6.8 | Remote Code Execution | No | No |
CVE-2023-33165 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Microsoft Office SharePoint | Important | 4.3 | Security Feature Bypass | No | No |
CVE-2023-33166 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No |
CVE-2023-33167 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No |
CVE-2023-33168 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No |
CVE-2023-33169 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No |
CVE-2023-33172 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No |
CVE-2023-33173 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No |
CVE-2023-33174 | Windows Cryptographic Information Disclosure Vulnerability | Windows Cryptographic Services | Important | 5.5 | Information Disclosure | No | No |
CVE-2023-32033 | Microsoft Failover Cluster Remote Code Execution Vulnerability | Windows Cluster Server | Important | 6.6 | Remote Code Execution | No | No |
CVE-2023-32034 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No |
CVE-2023-32035 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No |
CVE-2023-32037 | Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability | Windows Layer 2 Tunneling Protocol | Important | 6.5 | Information Disclosure | No | No |
CVE-2023-32038 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Windows ODBC Driver | Important | 8.8 | Remote Code Execution | No | No |
CVE-2023-32039 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers | Important | 5.5 | Information Disclosure | No | No |
CVE-2023-32040 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers | Important | 5.5 | Information Disclosure | No | No |
CVE-2023-32041 | Windows Update Orchestrator Service Information Disclosure Vulnerability | Windows Update Orchestrator Service | Important | 5.5 | Information Disclosure | No | No |
CVE-2023-32042 | OLE Automation Information Disclosure Vulnerability | Windows OLE | Important | 6.5 | Information Disclosure | No | No |
CVE-2023-32043 | Windows Remote Desktop Security Feature Bypass Vulnerability | Windows Remote Desktop | Important | 6.8 | Security Feature Bypass | No | No |
CVE-2023-32044 | Microsoft Message Queuing Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No |
CVE-2023-32045 | Microsoft Message Queuing Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No |
CVE-2023-32046 | Windows MSHTML Platform Elevation of Privilege Vulnerability | Windows MSHTML Platform | Important | 7.8 | Elevation of Privilege | Yes | No |
CVE-2023-32047 | Paint 3D Remote Code Execution Vulnerability | Paint 3D | Important | 7.8 | Remote Code Execution | No | No |
ADV230002 | Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules | Windows EFI Partition | Important | N/A | Security Feature Bypass | No | No |
CVE-2023-32049 | Windows SmartScreen Security Feature Bypass Vulnerability | Windows SmartScreen | Important | 8.8 | Security Feature Bypass | Yes | No |
CVE-2023-32050 | Windows Installer Elevation of Privilege Vulnerability | Windows Installer | Important | 7 | Elevation of Privilege | No | No |
CVE-2023-32051 | Raw Image Extension Remote Code Execution Vulnerability | Microsoft Windows Codecs Library | Important | 7.8 | Remote Code Execution | No | No |
CVE-2023-35313 | Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability | Windows Online Certificate Status Protocol (OCSP) SnapIn | Important | 7.8 | Remote Code Execution | No | No |
CVE-2023-35314 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No |
CVE-2023-35315 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | Windows Layer-2 Bridge Network Driver | Critical | 8.8 | Remote Code Execution | No | No |
CVE-2023-35316 | Remote Procedure Call Runtime Information Disclosure Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Information Disclosure | No | No |
CVE-2023-35317 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Windows Server Update Service | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35318 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No |
CVE-2023-35319 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No |
CVE-2023-35320 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Windows Connected User Experiences and Telemetry | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35321 | Windows Deployment Services Denial of Service Vulnerability | Windows Deployment Services | Important | 6.5 | Denial of Service | No | No |
CVE-2023-35322 | Windows Deployment Services Remote Code Execution Vulnerability | Windows Deployment Services | Important | 8.8 | Remote Code Execution | No | No |
CVE-2023-35323 | Windows OLE Remote Code Execution Vulnerability | Windows Online Certificate Status Protocol (OCSP) SnapIn | Important | 7.8 | Remote Code Execution | No | No |
CVE-2023-35324 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers | Important | 5.5 | Information Disclosure | No | No |
CVE-2023-35325 | Windows Print Spooler Information Disclosure Vulnerability | Windows Print Spooler Components | Important | 7.5 | Information Disclosure | No | No |
CVE-2023-35326 | Windows CDP User Components Information Disclosure Vulnerability | Windows CDP User Components | Important | 5.5 | Information Disclosure | No | No |
CVE-2023-35328 | Windows Transaction Manager Elevation of Privilege Vulnerability | Windows Transaction Manager | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35329 | Windows Authentication Denial of Service Vulnerability | Windows Authentication Methods | Important | 6.5 | Denial of Service | No | No |
CVE-2023-35330 | Windows Extended Negotiation Denial of Service Vulnerability | Windows SPNEGO Extended Negotiation | Important | 7.5 | Denial of Service | No | No |
CVE-2023-35331 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Windows Local Security Authority (LSA) | Important | 6.5 | Denial of Service | No | No |
CVE-2023-35332 | Windows Remote Desktop Protocol Security Feature Bypass | Windows Remote Desktop | Important | 6.8 | Security Feature Bypass | No | No |
CVE-2023-35333 | MediaWiki PandocUpload Extension Remote Code Execution Vulnerability | Microsoft Media-Wiki Extensions | Important | 8.8 | Remote Code Execution | No | No |
CVE-2023-35336 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Windows MSHTML Platform | Important | 6.5 | Security Feature Bypass | No | No |
CVE-2023-35337 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35338 | Windows Peer Name Resolution Protocol Denial of Service Vulnerability | Windows Peer Name Resolution Protocol | Important | 7.5 | Denial of Service | No | No |
CVE-2023-35339 | Windows CryptoAPI Denial of Service Vulnerability | Windows CryptoAPI | Important | 7.5 | Denial of Service | No | No |
CVE-2023-35340 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Windows CNG Key Isolation Service | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35341 | Microsoft DirectMusic Information Disclosure Vulnerability | Windows Media | Important | 6.2 | Information Disclosure | No | No |
CVE-2023-35342 | Windows Image Acquisition Elevation of Privilege Vulnerability | Windows Image Acquisition | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35343 | Windows Geolocation Service Remote Code Execution Vulnerability | Windows Geolocation Service | Important | 7.8 | Remote Code Execution | No | No |
CVE-2023-35344 | Windows DNS Server Remote Code Execution Vulnerability | Role: DNS Server | Important | 6.6 | Remote Code Execution | No | No |
CVE-2023-35345 | Windows DNS Server Remote Code Execution Vulnerability | Role: DNS Server | Important | 6.6 | Remote Code Execution | No | No |
CVE-2023-35346 | Windows DNS Server Remote Code Execution Vulnerability | Role: DNS Server | Important | 6.6 | Remote Code Execution | No | No |
CVE-2023-35347 | Microsoft Install Service Elevation of Privilege Vulnerability | Windows App Store | Important | 7.1 | Elevation of Privilege | No | No |
CVE-2023-35348 | Active Directory Federation Service Security Feature Bypass Vulnerability | Azure Active Directory | Important | 7.5 | Security Feature Bypass | No | No |
CVE-2023-35350 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | Windows Active Directory Certificate Services | Important | 7.2 | Remote Code Execution | No | No |
CVE-2023-35351 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | Windows Active Directory Certificate Services | Important | 6.6 | Remote Code Execution | No | No |
CVE-2023-35352 | Windows Remote Desktop Security Feature Bypass Vulnerability | Windows Remote Desktop | Critical | 7.5 | Security Feature Bypass | No | No |
CVE-2023-35353 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Windows Connected User Experiences and Telemetry | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35356 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35357 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35358 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35360 | Windows Kernel Elevation of Privilege Vulnerability | Windows NT OS Kernel | Important | 7 | Elevation of Privilege | No | No |
CVE-2023-35361 | Windows Kernel Elevation of Privilege Vulnerability | Windows NT OS Kernel | Important | 7 | Elevation of Privilege | No | No |
CVE-2023-35362 | Windows Clip Service Elevation of Privilege Vulnerability | Windows Clip Service | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35363 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35364 | Windows Kernel Elevation of Privilege Vulnerability | Windows NT OS Kernel | Important | 8.8 | Elevation of Privilege | No | No |
CVE-2023-35365 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Critical | 9.8 | Remote Code Execution | No | No |
CVE-2023-35366 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Critical | 9.8 | Remote Code Execution | No | No |
CVE-2023-35367 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Critical | 9.8 | Remote Code Execution | No | No |
CVE-2023-36872 | VP9 Video Extensions Information Disclosure Vulnerability | Microsoft Windows Codecs Library | Important | 5.5 | Information Disclosure | No | No |
CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Windows Error Reporting | Important | 7.8 | Elevation of Privilege | Yes | No |
CVE-2023-36884 | Office and Windows HTML Remote Code Execution Vulnerability | Microsoft Office | Important | 8.3 | Remote Code Execution | Yes | Yes |
CVE-2023-21526 | Windows Netlogon Information Disclosure Vulnerability | Windows Netlogon | Important | 7.4 | Information Disclosure | No | No |
ADV230001 | Guidance on Microsoft Signed Drivers Being Used Maliciously | Windows Certificates | None | N/A | Defense in Depth | Yes | No |
CVE-2023-29347 | Windows Admin Center Spoofing Vulnerability | Windows Admin Center | Important | 8.7 | Spoofing | No | No |
CVE-2023-33127 | .NET and Visual Studio Elevation of Privilege Vulnerability | .NET and Visual Studio | Important | 8.1 | Elevation of Privilege | No | No |
CVE-2023-33134 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Microsoft Office SharePoint | Important | 8.8 | Remote Code Execution | No | No |
CVE-2023-33154 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Windows Partition Management Driver | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-33155 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Windows Cloud Files Mini Filter Driver | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-33156 | Microsoft Defender Elevation of Privilege Vulnerability | Windows Defender | Important | 6.3 | Elevation of Privilege | No | No |
CVE-2023-33157 | Microsoft SharePoint Remote Code Execution Vulnerability | Microsoft Office SharePoint | Critical | 8.8 | Remote Code Execution | No | No |
CVE-2023-33158 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel | Important | 7.8 | Remote Code Execution | No | No |
CVE-2023-33159 | Microsoft SharePoint Server Spoofing Vulnerability | Microsoft Office SharePoint | Important | 8.8 | Spoofing | No | No |
CVE-2023-33160 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Microsoft Office SharePoint | Critical | 8.8 | Remote Code Execution | No | No |
CVE-2023-33161 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel | Important | 7.8 | Remote Code Execution | No | No |
CVE-2023-33162 | Microsoft Excel Information Disclosure Vulnerability | Microsoft Office Excel | Important | 5.5 | Information Disclosure | No | No |
CVE-2023-33163 | Windows Network Load Balancing Remote Code Execution Vulnerability | Windows Network Load Balancing | Important | 7.5 | Remote Code Execution | No | No |
CVE-2023-33164 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No |
CVE-2023-33170 | ASP.NET and Visual Studio Security Feature Bypass Vulnerability | ASP.NET and Visual Studio | Important | 8.1 | Security Feature Bypass | No | No |
CVE-2023-33171 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 8.2 | Spoofing | No | No |
CVE-2023-32052 | Microsoft Power Apps Spoofing Vulnerability | Microsoft Power Apps | Important | 5.4 | Spoofing | No | No |
CVE-2023-32053 | Windows Installer Elevation of Privilege Vulnerability | Windows Installer | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-32054 | Volume Shadow Copy Elevation of Privilege Vulnerability | Windows Volume Shadow Copy | Important | 7.3 | Elevation of Privilege | No | No |
CVE-2023-32055 | Active Template Library Elevation of Privilege Vulnerability | Windows Active Template Library | Important | 6.7 | Elevation of Privilege | No | No |
CVE-2023-32056 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Windows Server Update Service | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-32057 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Critical | 9.8 | Remote Code Execution | No | No |
CVE-2023-32083 | Microsoft Failover Cluster Information Disclosure Vulnerability | Windows Failover Cluster | Important | 6.5 | Information Disclosure | No | No |
CVE-2023-32084 | HTTP.sys Denial of Service Vulnerability | Windows HTTP.sys | Important | 7.5 | Denial of Service | No | No |
CVE-2023-32085 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers | Important | 5.5 | Information Disclosure | No | No |
CVE-2023-35296 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers | Important | 6.5 | Information Disclosure | No | No |
CVE-2023-35297 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Windows PGM | Critical | 7.5 | Remote Code Execution | No | No |
CVE-2023-35298 | HTTP.sys Denial of Service Vulnerability | Windows HTTP.sys | Important | 7.5 | Denial of Service | No | No |
CVE-2023-35299 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Windows Common Log File System Driver | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35300 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Windows Remote Procedure Call | Important | 8.8 | Remote Code Execution | No | No |
CVE-2023-35302 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Microsoft Printer Drivers | Important | 8.8 | Remote Code Execution | No | No |
CVE-2023-35303 | USB Audio Class System Driver Remote Code Execution Vulnerability | Microsoft Windows Codecs Library | Important | 8.8 | Remote Code Execution | No | No |
CVE-2023-35304 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35305 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35306 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers | Important | 5.5 | Information Disclosure | No | No |
CVE-2023-35308 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Windows MSHTML Platform | Important | 6.5 | Security Feature Bypass | No | No |
CVE-2023-35309 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.5 | Remote Code Execution | No | No |
CVE-2023-35310 | Windows DNS Server Remote Code Execution Vulnerability | Role: DNS Server | Important | 6.6 | Remote Code Execution | No | No |
CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability | Microsoft Office Outlook | Important | 8.8 | Security Feature Bypass | Yes | No |
CVE-2023-35312 | Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability | Windows VOLSNAP.SYS | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2023-35335 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 8.2 | Spoofing | No | No |
CVE-2023-35373 | Mono Authenticode Validation Spoofing Vulnerability | Mono Authenticode | Important | 5.3 | Spoofing | No | No |
CVE-2023-35374 | Paint 3D Remote Code Execution Vulnerability | Paint 3D | Important | 7.8 | Remote Code Execution | No | No |
CVE-2023-36867 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | Visual Studio Code | Important | 7.8 | Remote Code Execution | No | No |
CVE-2023-36868 | Azure Service Fabric on Windows Information Disclosure Vulnerability | Service Fabric | Important | 6.5 | Information Disclosure | No | No |
CVE-2023-36871 | Azure Active Directory Security Feature Bypass Vulnerability | Azure Active Directory | Important | 6.5 | Security Feature Bypass |
See how Fortra Vulnerability Manager can help your team identify and prioritize vulnerabilities quickly and accelerate your time-to-remediation.
Watch this 3-minute video to learn more.