Frontline.Cloud will include the Microsoft Patch Tuesday checks in the NIRV 4.32.0 and Frontline Agent 2.2 releases.

  • Microsoft addressed 33 vulnerabilities in this release, including 4 rated as Critical and 8 Remote Code Execution vulnerabilities.
CVE/AdvisoryTitleTagMicrosoft Severity RatingBase ScoreMicrosoft ImpactExploitedPublicly Disclosed
CVE-2023-36696Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityWindows Cloud Files Mini Filter DriverImportant7.8Elevation of PrivilegeNoNo
CVE-2023-36391Local Security Authority Subsystem Service Elevation of Privilege VulnerabilityWindows Local Security Authority Subsystem Service (LSASS)Important7.8Elevation of PrivilegeNoNo
CVE-2023-36020Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityMicrosoft DynamicsImportant7.6SpoofingNoNo
CVE-2023-36009Microsoft Word Information Disclosure VulnerabilityMicrosoft Office WordImportant5.5Information DisclosureNoNo
CVE-2023-36011Win32k Elevation of Privilege VulnerabilityWindows Win32KImportant7.8Elevation of PrivilegeNoNo
CVE-2023-35625Azure Machine Learning Compute Instance for SDK Users Information Disclosure VulnerabilityAzure Machine LearningImportant4.7Information DisclosureNoNo
CVE-2023-21740Windows Media Remote Code Execution VulnerabilityWindows MediaImportant7.8Remote Code ExecutionNoNo
CVE-2023-36019Microsoft Power Platform Connector Spoofing VulnerabilityMicrosoft Power Platform ConnectorCritical9.6SpoofingNoNo
CVE-2023-36010Microsoft Defender Denial of Service VulnerabilityWindows DefenderImportant7.5Denial of ServiceNoNo
CVE-2023-36012DHCP Server Service Information Disclosure VulnerabilityWindows DHCP ServerImportant5.3Information DisclosureNoNo
CVE-2023-36003XAML Diagnostics Elevation of Privilege VulnerabilityXAML DiagnosticsImportant6.7Elevation of PrivilegeNoNo
CVE-2023-36004Windows DPAPI (Data Protection Application Programming Interface) Spoofing VulnerabilityWindows DPAPI (Data Protection Application Programming Interface)Important7.5SpoofingNoNo
CVE-2023-36005Windows Telephony Server Elevation of Privilege VulnerabilityWindows Telephony ServerImportant7.5Elevation of PrivilegeNoNo
CVE-2023-36006Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityMicrosoft WDAC OLE DB provider for SQLImportant8.8Remote Code ExecutionNoNo
CVE-2023-35638DHCP Server Service Denial of Service VulnerabilityWindows DHCP ServerImportant7.5Denial of ServiceNoNo
CVE-2023-35639Microsoft ODBC Driver Remote Code Execution VulnerabilityWindows ODBC DriverImportant8.8Remote Code ExecutionNoNo
CVE-2023-35641Internet Connection Sharing (ICS) Remote Code Execution VulnerabilityWindows Internet Connection Sharing (ICS)Critical8.8Remote Code ExecutionNoNo
CVE-2023-35642Internet Connection Sharing (ICS) Denial of Service VulnerabilityWindows Internet Connection Sharing (ICS)Important6.5Denial of ServiceNoNo
CVE-2023-35643DHCP Server Service Information Disclosure VulnerabilityWindows DHCP ServerImportant7.5Information DisclosureNoNo
CVE-2023-35644Windows Sysmain Service Elevation of PrivilegeWindows Kernel-Mode DriversImportant7.8Elevation of PrivilegeNoNo
CVE-2023-35628Windows MSHTML Platform Remote Code Execution VulnerabilityWindows MSHTML PlatformCritical8.1Remote Code ExecutionNoNo
CVE-2023-35629Microsoft USBHUB 3.0 Device Driver Remote Code Execution VulnerabilityWindows USB Mass Storage Class DriverImportant6.8Remote Code ExecutionNoNo
CVE-2023-35630Internet Connection Sharing (ICS) Remote Code Execution VulnerabilityWindows Internet Connection Sharing (ICS)Critical8.8Remote Code ExecutionNoNo
CVE-2023-35631Win32k Elevation of Privilege VulnerabilityWindows Win32KImportant7.8Elevation of PrivilegeNoNo
CVE-2023-35632Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityWindows Internet Connection Sharing (ICS)Important7.8Elevation of PrivilegeNoNo
CVE-2023-35633Windows Kernel Elevation of Privilege VulnerabilityWindows KernelImportant7.8Elevation of PrivilegeNoNo
CVE-2023-35634Windows Bluetooth Driver Remote Code Execution VulnerabilityMicrosoft Bluetooth DriverImportant8Remote Code ExecutionNoNo
CVE-2023-35635Windows Kernel Denial of Service VulnerabilityWindows KernelImportant5.5Denial of ServiceNoNo
CVE-2023-35636Microsoft Outlook Information Disclosure VulnerabilityMicrosoft Office OutlookImportant6.5Information DisclosureNoNo
CVE-2023-35619Microsoft Outlook for Mac Spoofing VulnerabilityMicrosoft Office OutlookImportant5.3SpoofingNoNo
CVE-2023-35621Microsoft Dynamics 365 Finance and Operations Denial of Service VulnerabilityMicrosoft DynamicsImportant7.5Denial of ServiceNoNo
CVE-2023-35622Windows DNS Spoofing VulnerabilityMicrosoft Windows DNSImportant7.5SpoofingNoNo
CVE-2023-35624Azure Connected Machine Agent Elevation of Privilege VulnerabilityAzure Connected Machine AgentImportant7.3Elevation of PrivilegeNoNo
        

Quickly Find and Fix Your Most At-Risk Weaknesses

Watch this demo to see how Frontline VM can help.

Watch now

Mieng Lim

Vice President, Product Management
View Profile