CVE-2023-36033

Published: 14/11/2023 | Updated: 20/11/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Windows DWM Core Library Elevation of Privilege Vulnerability

Vulnerable Product

microsoft windows server 2016 -

microsoft windows server 2019 -

microsoft windows server 2022 -

microsoft windows 10 1809

microsoft windows 10 21h2

microsoft windows 10 22h2

microsoft windows 11 21h2

microsoft windows 11 22h2

microsoft windows 11 23h2

Github Repositories

Microsoft-CVE-Lookup

This script looks up CVE numbers you receive from nessus/qualys output and checks them against the Microsoft API to retrieve information such as if there has been exploitation or public details.

Help: Retrieve information for a CVE from Microsoft API. cve_number: CVE number to retrieve information for, example CVE-2024-123

Recent Articles

Microsoft fixes Windows zero-day exploited in QakBot malware attacks
BleepingComputer • Sergiu Gatlan • 14 May 2024

Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. Tracked as CVE-2024-30051, this privilege escalation bug is caused by a heap-based buffer overflow in the DWM (Desktop Window Manager) core library. Following successful exploitation, attackers can gain SYSTEM privileges. Desktop Window Manager ...

Another month, another bunch of fixes for Microsoft security bugs exploited in the wild
The Register

Plus: VMware closes critical hole, Adobe fixes a whopping 76 flaws

Patch Tuesday Heads up: Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities – including three that have already been found and abused in the wild. First of that trio is CVE-2023-36033: a Windows Desktop Manager (WDM) Core Library elevation-of-privilege vulnerability. This one, an "important" 7.8-of-10-CVSS-rated bug, is not only listed as exploited by miscreants, the method of exploitation has also been publicly disclosed. "An attacker who successfully exploited th...