CVE-2023-35360 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-35360
Windows Kernel Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35360 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-591: Sensitive Data Storage in Improperly Locked Memory •
CVE-2023-35358 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-35358
Windows Kernel Elevation of Privilege Vulnerability The Microsoft Windows Kernel may reference rolled-back transacted keys through differencing hives. • http://packetstormsecurity.com/files/174117/Microsoft-Windows-Kernel-Unsafe-Reference.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35358 • CWE-125: Out-of-bounds Read •
CVE-2023-35357 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-35357
Windows Kernel Elevation of Privilege Vulnerability The Microsoft Windows Kernel may reference unbacked layered keys through registry virtualization. • http://packetstormsecurity.com/files/174116/Microsoft-Windows-Kernel-Unsafe-Reference.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35357 • CWE-125: Out-of-bounds Read •
CVE-2023-35356 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-35356
Windows Kernel Elevation of Privilege Vulnerability The Microsoft Windows Kernel CmDeleteLayeredKey may delete predefined tombstone keys, leading to security descriptor use-after-free. • http://packetstormsecurity.com/files/174115/Microsoft-Windows-Kernel-Arbitrary-Read.html http://packetstormsecurity.com/files/174118/Microsoft-Windows-Kernel-Security-Descriptor-Use-After-Free.html http://packetstormsecurity.com/files/176451/Microsoft-Windows-Registry-Predefined-Keys-Privilege-Escalation.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35356 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-35353 – Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-35353
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35353 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •