CVE-2023-41763

Vulnerability updated a month ago (2024-11-29T13:43:56.931Z)
CVE-2023-41763 is a significant software vulnerability, identified as an elevation of privilege flaw, found within Microsoft's Skype for Business. This zero-day vulnerability allows malicious actors to gain unauthorized access and control over affected systems, posing a severe risk to the integrity, confidentiality, and availability of data and services. The vulnerability was actively exploited before its identification, leading to urgent calls for mitigation.

Microsoft promptly addressed this issue by releasing patches for CVE-2023-41763 along with two other critical vulnerabilities affecting WordPad (CVE-2023-36563) and a DDoS attack method known as "HTTP/2 Rapid Reset" (CVE-2023-44487). These patches were released on the same day that the Cybersecurity and Infrastructure Security Agency (CISA) added these flaws to the Known Exploited Vulnerabilities (KEV) catalog. This swift response aimed to prevent further exploitation of these vulnerabilities by threat actors.

In addition to Microsoft's remediation efforts, it is crucial for organizations and individual users to apply these patches immediately to protect their systems from potential attacks. Continued vigilance in updating software and maintaining robust security protocols will be key in preventing future exploits associated with similar vulnerabilities.
Description last updated: 2024-05-04T16:49:42.526Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
CVE-2023-36563 is a possible alias for CVE-2023-41763. CVE-2023-36563 is a critical information disclosure vulnerability discovered in Microsoft WordPad. The flaw, categorized as a zero-day bug, was one of the twelve vulnerabilities rated as 'Critical' among 104 issues addressed by Microsoft. The vulnerability was exploited actively in the wild, affecti | 3
CVE-2023-44487 is a possible alias for CVE-2023-41763. CVE-2023-44487 is a high-severity vulnerability discovered in web servers supporting HTTP/2, which allows threat actors to exploit the 'stream multiplexing' feature. This flaw enables attackers to send repeated requests and cancel them immediately, leading to a 'Rapid Reset' attack causing Denial of | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Skype
Vulnerability
Microsoft
Zero Day
Associated Vulnerabilities
Alias Description | Association Type | Votes
The Http/2 Rapid Reset Vulnerability is associated with CVE-2023-41763. The HTTP/2 Rapid Reset is a software vulnerability (CVE-2023-44487) that was discovered during testing and later disclosed by Cloudflare. This flaw in the design or implementation of HTTP/2 protocol allows for a type of Distributed Denial-of-Service (DDoS) attack, specifically at layer 7. The vulner | Unspecified | 2