Vulnerability-Lookup

CVE-2023-21725 (GCVE-0-2023-21725)

Vulnerability from cvelistv5 – Published: 2023-01-10 00:00 – Updated: 2025-01-01 00:35

Title

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

Summary

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Assigner

microsoft

References

URL

Tags

https://msrc.microsoft.com/update-guide/vulnerabi…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Microsoft	Windows Malicious Software Removal Tool	Affected: 5.0.0 , < 5.109.19957.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21725",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T15:18:05.987900Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T15:18:12.705Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:51:49.434Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows Malicious Software Removal Tool",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.109.19957.1",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:windows_malicious_software_removal_tool:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.109.19957.1",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-01-10T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:35:49.484Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725"
        }
      ],
      "title": "Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21725",
    "datePublished": "2023-01-10T00:00:00",
    "dateReserved": "2022-12-13T00:00:00",
    "dateUpdated": "2025-01-01T00:35:49.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725\", \"name\": \"Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:51:49.434Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-21725\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-16T15:18:05.987900Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-16T15:18:09.261Z\"}}], \"cna\": {\"title\": \"Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Windows Malicious Software Removal Tool\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.0\", \"lessThan\": \"5.109.19957.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"32-bit Systems\"]}], \"datePublic\": \"2023-01-10T08:00:00+00:00\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725\", \"name\": \"Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-59\", \"description\": \"CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:windows_malicious_software_removal_tool:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.109.19957.1\", \"versionStartIncluding\": \"5.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-01-01T00:35:49.484Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-21725\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-01T00:35:49.484Z\", \"dateReserved\": \"2022-12-13T00:00:00\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2023-01-10T00:00:00\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0022

Vulnerability from certfr_avis - Published: 2023-01-11 - Updated: 2023-01-11

De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer un déni de service, une élévation de privilèges, un contournement de la fonctionnalité de sécurité, une atteinte à la confidentialité des données et une exécution de code à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2022
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows 10 pour systèmes x64
Microsoft	Windows	Windows 10 Version 1809 pour systèmes x64
Microsoft	Windows	Windows Server 2019 (Server Core installation)
Microsoft	Windows	Windows Server 2019
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Malicious Software Removal Tool 32 bits
Microsoft	Windows	Windows Server 2022 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1607 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes ARM64
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2
Microsoft	Windows	Windows 10 Version 1809 pour systèmes ARM64
Microsoft	Windows	Windows 10 Version 1809 pour systèmes 32 bits
Microsoft	Windows	Windows 11 version 21H2 pour systèmes x64
Microsoft	Windows	Windows 10 Version 20H2 pour systèmes x64
Microsoft	Windows	Windows Server 2016 (Server Core installation)
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes x64
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows 7 pour systèmes x64 Service Pack 1
Microsoft	Windows	Windows 11 version 21H2 pour systèmes ARM64
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 20H2 pour systèmes 32 bits
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1607 pour systèmes x64
Microsoft	Windows	Windows Server 2012 (Server Core installation)
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes x64
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2
Microsoft	Windows	Windows Malicious Software Removal Tool 64 bits
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes 32 bits
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes ARM64
Microsoft	Windows	Windows 8.1 pour systèmes x64
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows 10 Version 20H2 pour systèmes ARM64
Microsoft	Windows	Windows 8.1 pour systèmes 32 bits
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation)
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation)
Microsoft	Windows	Windows 10 pour systèmes 32 bits
Microsoft	Windows	Windows 7 pour systèmes 32 bits Service Pack 1
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes ARM64
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes x64

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 10 janvier 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-21549 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21753 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21758 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21773 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21560 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21755 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21749 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21765 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21726 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21776 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21728 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21557 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21563 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21680 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21539 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21678 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21681 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21551 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21682 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21766 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21759 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21532 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21558 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21561 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21739 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21675 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21525 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21536 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21750 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21679 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21732 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21535 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21552 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21768 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21730 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21546 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21559 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21772 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21543 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21748 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21527 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21547 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21550 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21754 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21524 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21683 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21747 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21733 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21746 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21724 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21548 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21537 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21677 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21725 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21760 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21767 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21542 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21752 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21674 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21556 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21774 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21540 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21676 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21757 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21541 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21555 du 10 janvier 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-21771 du 10 janvier 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2022",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Malicious Software Removal Tool 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 pour syst\u00e8mes x64 Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Malicious Software Removal Tool 64 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 pour syst\u00e8mes 32 bits Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21527"
    },
    {
      "name": "CVE-2023-21525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21525"
    },
    {
      "name": "CVE-2023-21760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21760"
    },
    {
      "name": "CVE-2023-21556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21556"
    },
    {
      "name": "CVE-2023-21724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21724"
    },
    {
      "name": "CVE-2023-21766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21766"
    },
    {
      "name": "CVE-2023-21532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21532"
    },
    {
      "name": "CVE-2023-21563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21563"
    },
    {
      "name": "CVE-2023-21726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21726"
    },
    {
      "name": "CVE-2023-21755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21755"
    },
    {
      "name": "CVE-2023-21678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21678"
    },
    {
      "name": "CVE-2023-21753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21753"
    },
    {
      "name": "CVE-2023-21754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21754"
    },
    {
      "name": "CVE-2023-21550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21550"
    },
    {
      "name": "CVE-2023-21747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21747"
    },
    {
      "name": "CVE-2023-21536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21536"
    },
    {
      "name": "CVE-2023-21730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21730"
    },
    {
      "name": "CVE-2023-21541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21541"
    },
    {
      "name": "CVE-2023-21546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21546"
    },
    {
      "name": "CVE-2023-21535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21535"
    },
    {
      "name": "CVE-2023-21732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21732"
    },
    {
      "name": "CVE-2023-21772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21772"
    },
    {
      "name": "CVE-2023-21774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21774"
    },
    {
      "name": "CVE-2023-21750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21750"
    },
    {
      "name": "CVE-2023-21547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21547"
    },
    {
      "name": "CVE-2023-21746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21746"
    },
    {
      "name": "CVE-2023-21540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21540"
    },
    {
      "name": "CVE-2023-21771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21771"
    },
    {
      "name": "CVE-2023-21767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21767"
    },
    {
      "name": "CVE-2023-21681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21681"
    },
    {
      "name": "CVE-2023-21560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21560"
    },
    {
      "name": "CVE-2023-21776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21776"
    },
    {
      "name": "CVE-2023-21758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21758"
    },
    {
      "name": "CVE-2023-21561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21561"
    },
    {
      "name": "CVE-2023-21759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21759"
    },
    {
      "name": "CVE-2023-21524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21524"
    },
    {
      "name": "CVE-2023-21749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21749"
    },
    {
      "name": "CVE-2023-21548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21548"
    },
    {
      "name": "CVE-2023-21683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21683"
    },
    {
      "name": "CVE-2023-21552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21552"
    },
    {
      "name": "CVE-2023-21677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21677"
    },
    {
      "name": "CVE-2023-21674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21674"
    },
    {
      "name": "CVE-2023-21543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21543"
    },
    {
      "name": "CVE-2023-21675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21675"
    },
    {
      "name": "CVE-2023-21558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21558"
    },
    {
      "name": "CVE-2023-21539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21539"
    },
    {
      "name": "CVE-2023-21768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21768"
    },
    {
      "name": "CVE-2023-21537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21537"
    },
    {
      "name": "CVE-2023-21725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21725"
    },
    {
      "name": "CVE-2023-21680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21680"
    },
    {
      "name": "CVE-2023-21679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21679"
    },
    {
      "name": "CVE-2023-21773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21773"
    },
    {
      "name": "CVE-2023-21752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21752"
    },
    {
      "name": "CVE-2023-21748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21748"
    },
    {
      "name": "CVE-2023-21682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21682"
    },
    {
      "name": "CVE-2023-21739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21739"
    },
    {
      "name": "CVE-2023-21555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21555"
    },
    {
      "name": "CVE-2023-21757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21757"
    },
    {
      "name": "CVE-2023-21542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21542"
    },
    {
      "name": "CVE-2023-21733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21733"
    },
    {
      "name": "CVE-2023-21765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21765"
    },
    {
      "name": "CVE-2023-21728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21728"
    },
    {
      "name": "CVE-2023-21559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21559"
    },
    {
      "name": "CVE-2023-21551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21551"
    },
    {
      "name": "CVE-2023-21549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21549"
    },
    {
      "name": "CVE-2023-21557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21557"
    },
    {
      "name": "CVE-2023-21676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21676"
    }
  ],
  "initial_release_date": "2023-01-11T00:00:00",
  "last_revision_date": "2023-01-11T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21549 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21549"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21753 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21753"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21758 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21758"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21773 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21773"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21560 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21560"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21755 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21755"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21749 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21749"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21765 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21765"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21726 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21726"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21776 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21776"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21728 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21728"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21557 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21557"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21563 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21563"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21680 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21680"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21539 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21539"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21678 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21678"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21681 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21681"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21551 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21551"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21682 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21682"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21766 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21766"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21759 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21759"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21532 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21532"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21558 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21558"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21561 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21561"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21739 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21739"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21675 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21675"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21525 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21525"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21536 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21536"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21750 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21750"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21679 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21679"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21732 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21732"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21535 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21535"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21552 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21552"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21768 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21768"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21730 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21730"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21546 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21546"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21559 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21559"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21772 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21772"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21543 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21543"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21748 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21748"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21527 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21527"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21547 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21547"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21550 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21550"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21754 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21754"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21524 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21524"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21683 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21683"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21747 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21747"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21733 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21733"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21746 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21746"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21724 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21724"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21548 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21548"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21537 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21537"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21677 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21677"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21725 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21760 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21760"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21767 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21767"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21542 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21542"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21752 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21752"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21674 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21674"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21556 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21556"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21774 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21774"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21540 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21540"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21676 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21676"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21757 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21757"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21541 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21541"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21555 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21555"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21771 du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21771"
    }
  ],
  "reference": "CERTFR-2023-AVI-0022",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service, une \u00e9l\u00e9vation de privil\u00e8ges, un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 janvier 2023",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

CERTFR-2024-AVI-0151

Vulnerability from certfr_avis - Published: 2024-02-21 - Updated: 2025-01-28

De multiples vulnérabilités ont été découvertes dans Joomla!. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Joomla!	Joomla!	Joomla! CMS versions 5.x antérieures à 5.0.3
Joomla!	Joomla!	Joomla! CMS versions 4.x antérieures à 4.4.3
Joomla!	Joomla!	Joomla! CMS versions antérieures à 3.10.15-elts

References

Title

Publication Time

Tags

Bulletin de sécurité Joomla! 20240202	2024-02-20	vendor-advisory
Bulletin de sécurité Joomla! 20240203	2024-02-20	vendor-advisory
Bulletin de sécurité Joomla! 20240204	2024-02-20	vendor-advisory
Bulletin de sécurité Joomla!	2024-02-20	vendor-advisory
Bulletin de sécurité Joomla! 20240201	2024-02-20	vendor-advisory
Bulletin de sécurité Joomla! 20240205	2024-02-20	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Joomla! CMS versions 5.x ant\u00e9rieures \u00e0 5.0.3",
      "product": {
        "name": "Joomla!",
        "vendor": {
          "name": "Joomla!",
          "scada": false
        }
      }
    },
    {
      "description": "Joomla! CMS versions 4.x ant\u00e9rieures \u00e0 4.4.3",
      "product": {
        "name": "Joomla!",
        "vendor": {
          "name": "Joomla!",
          "scada": false
        }
      }
    },
    {
      "description": "Joomla! CMS versions ant\u00e9rieures \u00e0 3.10.15-elts",
      "product": {
        "name": "Joomla!",
        "vendor": {
          "name": "Joomla!",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-21725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21725"
    },
    {
      "name": "CVE-2023-21724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21724"
    },
    {
      "name": "CVE-2023-21726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21726"
    },
    {
      "name": "CVE-2023-21722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21722"
    },
    {
      "name": "CVE-2023-21725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21725"
    },
    {
      "name": "CVE-2023-21723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21723"
    }
  ],
  "initial_release_date": "2024-02-21T00:00:00",
  "last_revision_date": "2025-01-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0151",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-21T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027identifiant CVE-2024-21725",
      "revision_date": "2025-01-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Joomla!. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Joomla!",
  "vendor_advisories": [
    {
      "published_at": "2024-02-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 20240202",
      "url": "https://developer.joomla.org/security-centre/926-20240202-core-open-redirect-in-installation-application.html"
    },
    {
      "published_at": "2024-02-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 20240203",
      "url": "https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html"
    },
    {
      "published_at": "2024-02-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 20240204",
      "url": "https://developer.joomla.org/security-centre/928-20240204-core-xss-in-mail-address-outputs.html"
    },
    {
      "published_at": "2024-02-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla!",
      "url": "https://www.joomla.org/announcements/release-news/5904-joomla-5-0-3-and-4-4-3-security-and-bug-fix-release.html"
    },
    {
      "published_at": "2024-02-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 20240201",
      "url": "https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html"
    },
    {
      "published_at": "2024-02-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 20240205",
      "url": "https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html"
    }
  ]
}

FKIE_CVE-2023-21725

Vulnerability from fkie_nvd - Published: 2023-01-10 22:15 - Updated: 2024-11-21 07:43

Severity ?

6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Summary

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725
	af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725

Impacted products

	Vendor	Product	Version
	microsoft	windows_malicious_software_removal_tool	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_malicious_software_removal_tool:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8786B1AE-05E7-4B55-8D9A-63D4D280A18E",
              "versionEndExcluding": "5.109",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad que permite realizar una escalada de privilegios a trav\u00e9s de la herramienta de eliminaci\u00f3n de software malicioso de Windows (MSRT)"
    }
  ],
  "id": "CVE-2023-21725",
  "lastModified": "2024-11-21T07:43:30.890",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.2,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-01-10T22:15:16.997",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2023-18286

Vulnerability from cnvd - Published: 2023-03-17

Title

Microsoft Windows Malicious Software Removal Tool权限提升漏洞

Description

Microsoft Windows是一款由美国微软公司开发的窗口化操作系统。 Microsoft Windows Malicious Software Removal Tool存在权限提升漏洞。攻击者可利用该漏洞提升权限。

Severity

中

Patch Name

Microsoft Windows Malicious Software Removal Tool权限提升漏洞的补丁

Patch Description

Microsoft Windows是一款由美国微软公司开发的窗口化操作系统。 Microsoft Windows Malicious Software Removal Tool存在权限提升漏洞。攻击者可利用该漏洞提升权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21725

Reference

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21725

Impacted products

Name
Microsoft Windows Malicious Software Removal Tool

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-21725",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-21725"
    }
  },
  "description": "Microsoft Windows\u662f\u4e00\u6b3e\u7531\u7f8e\u56fd\u5fae\u8f6f\u516c\u53f8\u5f00\u53d1\u7684\u7a97\u53e3\u5316\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nMicrosoft Windows Malicious Software Removal Tool\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21725",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-18286",
  "openTime": "2023-03-17",
  "patchDescription": "Microsoft Windows\u662f\u4e00\u6b3e\u7531\u7f8e\u56fd\u5fae\u8f6f\u516c\u53f8\u5f00\u53d1\u7684\u7a97\u53e3\u5316\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Windows Malicious Software Removal Tool\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows Malicious Software Removal Tool\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Windows Malicious Software Removal Tool"
  },
  "referenceLink": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21725",
  "serverity": "\u4e2d",
  "submitTime": "2023-01-13",
  "title": "Microsoft Windows Malicious Software Removal Tool\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

GSD-2023-21725

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

Aliases

CVE-2023-21725

Aliases

CVE-2023-21725

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-21725",
    "id": "GSD-2023-21725"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-21725"
      ],
      "details": "Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability",
      "id": "GSD-2023-21725",
      "modified": "2023-12-13T01:20:25.848669Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2023-21725",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Windows Malicious Software Removal Tool",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "5.0.0",
                          "version_value": "5.109.19957.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:windows_malicious_software_removal_tool:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.109",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2023-21725"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725",
              "refsource": "MISC",
              "tags": [],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2023-04-27T19:15Z",
      "publishedDate": "2023-01-10T22:15Z"
    }
  }
}

GHSA-V62V-5W8R-W42V

Vulnerability from github – Published: 2023-01-11 00:30 – Updated: 2023-01-11 00:30

Details

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability.

Severity ?

6.3 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-21725"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-10T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability.",
  "id": "GHSA-v62v-5w8r-w42v",
  "modified": "2023-01-11T00:30:47Z",
  "published": "2023-01-11T00:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21725"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21725"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-21725

Vulnerability from fstec - Published: 10.01.2023

Title

Уязвимость средства удаления вредоносных программ Malicious Software Removal Tool (MSRT), связанная с ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость средства удаления вредоносных программ Malicious Software Removal Tool (MSRT) связана с ошибками синхронизации при использовании общего ресурса. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Severity ?


                    
                      AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Vendor

Microsoft Corp

Software Name

Malicious Software Removal Tool

Software Version

- (Malicious Software Removal Tool)

Possible Mitigations

Использование рекомендаций: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725 https://nvd.nist.gov/vuln/detail/CVE-2023-21725

CWE

CWE-362

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:H/Au:S/C:N/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Malicious Software Removal Tool)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: \nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.01.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.01.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.01.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-00198",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-21725",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Malicious Software Removal Tool",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Malicious Software Removal Tool (MSRT), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0435\u0439 (\u00ab\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb) (CWE-362)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Malicious Software Removal Tool (MSRT) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21725",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-362",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,3)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-21725 (GCVE-0-2023-21725)

CERTFR-2023-AVI-0022

Solution

CERTFR-2024-AVI-0151

Solution

FKIE_CVE-2023-21725

CNVD-2023-18286

GSD-2023-21725

GHSA-V62V-5W8R-W42V

CVE-2023-21725

Tags

Sightings

Nomenclature