CVE-2023-28249 – Windows Boot Manager Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-28249
Windows Boot Manager Security Feature Bypass Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28249 • CWE-863: Incorrect Authorization •
CVE-2023-28272 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-28272
Windows Kernel Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28272 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2023-28271 – Windows Kernel Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28271
Windows Kernel Memory Information Disclosure Vulnerability The Windows Kernel suffers from a disclosure of kernel pointers and uninitialized memory through registry KTM transaction log files. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28271 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-28248 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-28248
Windows Kernel Elevation of Privilege Vulnerability In Windows Registry, security descriptors are shared by multiple keys, and thus reference counted via the _CM_KEY_SECURITY.ReferenceCount field. It is critical for system security that the kernel correctly keeps track of the references, so that the sum of the ReferenceCount fields is equal to the number of keys in the hive at all times (with small exceptions for things like transacted and not yet committed operations etc.). If the ReferenceCount of any descriptor drops below the true number of its active references, it may result in a use-after-free condition and memory corruption. Similarly, if the field becomes inadequately large, it may be possible to overflow it and also trigger a use-after-free. A bug of the latter type is described in this report. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28248 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-28269 – Windows Boot Manager Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-28269
Windows Boot Manager Security Feature Bypass Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28269 • CWE-122: Heap-based Buffer Overflow •