Windows Kerberos Security Feature Bypass Vulnerability
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre.
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.
Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
Microsoft SharePoint Elevation of Privilege Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Windows Deployment Services Remote Code Execution Vulnerability
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Windows Cryptographic Services Security Feature Bypass Vulnerability
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Please see the Security Updates table for the link to the updated app. Alternatively you can download and install the Installer using the links provided in the FAQ section. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability. December 27 2023 Update: In recent months, Microsoft Threat Intelligence has seen an increase in activity from threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme. To address this increase in activity, we have updated the App Installer to disable the ms-appinstaller protocol by default and recommend other potential mitigations.
A race condition was identified through which privilege escalation was possible in certain configurations.
Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file.
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
MediaWiki PandocUpload Extension Remote Code Execution Vulnerability
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
Azure Service Connector Security Feature Bypass Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length.
Windows Kerberos Elevation of Privilege Vulnerability
Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.
Azure DevOps Server Remote Code Execution Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
Windows Active Directory Certificate Services Security Feature Bypass
Windows DNS Server Remote Code Execution Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Active Directory Federation Services Elevation of Privilege Vulnerability
Windows WebBrowser Control Remote Code Execution Vulnerability
Microsoft SQL Server Remote Code Execution Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.