Skip to main content

Hitachi
Contact UsContact Us

September 21, 2023
Hitachi, Ltd. IT Platform Products Management Division

Hitachi Disk Array Systems have the following vulnerability.

Security Information ID

Hitachi-sec-2023-307

Vulnerability description

ADV230001
Guidance on Microsoft Signed Drivers Being Used Maliciously
ADV230002
Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules
CVE-2023-21526
Windows Net logon Information Disclosure Vulnerability
CVE-2023-21756
Windows Win32k Elevation of Privilege Vulnerability
CVE-2023-32034
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-32035
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-32037
Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability
CVE-2023-32038
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2023-32039
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-32040
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-32041
Windows Update Orchestrator Service Information Disclosure Vulnerability
CVE-2023-32042
OLE Automation Information Disclosure Vulnerability
CVE-2023-32043
Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2023-32044
Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-32045
Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-32046
Windows MSHTML Platform Elevation of Privilege Vulnerability
CVE-2023-32049
Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-32051
Raw Image Extension Remote Code Execution Vulnerability
CVE-2023-32053
Windows Installer Elevation of Privilege Vulnerability
CVE-2023-32054
Volume Shadow Copy Elevation of Privilege Vulnerability
CVE-2023-32055
Active Template Library Elevation of Privilege Vulnerability
CVE-2023-32056
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
CVE-2023-32057
Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-32084
HTTP.sys Denial of Service Vulnerability
CVE-2023-32085
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-33154
Windows Partition Management Driver Elevation of Privilege Vulnerability
CVE-2023-33155
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-33164
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33166
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33167
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33168
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33169
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33172
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33173
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33174
Windows Cryptographic Information Disclosure Vulnerability
CVE-2023-35296
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-35297
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-35299
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-35300
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2023-35302
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-35303
USB Audio Class System Driver Remote Code Execution Vulnerability
CVE-2023-35304
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35305
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35306
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-35308
Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2023-35309
Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-35312
Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability
CVE-2023-35313
Windows Online Certificate Status Protocol (OCSP) Snap In Remote Code Execution Vulnerability
CVE-2023-35314
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-35315
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
CVE-2023-35316
Remote Procedure Call Runtime Information Disclosure Vulnerability
CVE-2023-35318
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-35319
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-35320
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVE-2023-35324
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-35325
Windows Print Spooler Information Disclosure Vulnerability
CVE-2023-35326
Windows CDP User Components Information Disclosure Vulnerability
CVE-2023-35328
Windows Transaction Manager Elevation of Privilege Vulnerability
CVE-2023-35329
Windows Authentication Denial of Service Vulnerability
CVE-2023-35330
Windows Extended Negotiation Denial of Service Vulnerability
CVE-2023-35332
Windows Remote Desktop Protocol Security Feature Bypass
CVE-2023-35336
Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2023-35337
Win32k Elevation of Privilege Vulnerability
CVE-2023-35338
Windows Peer Name Resolution Protocol Denial of Service Vulnerability
CVE-2023-35339
Windows CryptoAPI Denial of Service Vulnerability
CVE-2023-35340
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2023-35341
Microsoft DirectMusic Information Disclosure Vulnerability
CVE-2023-35342
Windows Image Acquisition Elevation of Privilege Vulnerability
CVE-2023-35343
Windows Geolocation Service Remote Code Execution Vulnerability
CVE-2023-35347
Microsoft Install Service Elevation of Privilege Vulnerability
CVE-2023-35353
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVE-2023-35356
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35357
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35358
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35360
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35361
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35362
Windows Clip Service Elevation of Privilege Vulnerability
CVE-2023-35363
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35364
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35365
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2023-35366
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2023-35367
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2023-36871
Azure Active Directory Security Feature Bypass Vulnerability
CVE-2023-36874
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-36884
Office and Windows HTML Remote Code Execution Vulnerability

Affected products

The following table shows the affected products.

[Windows 10 for x64-based Systems (Version1809)]

Product
Name
Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H
Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H
Vulnerability
ID
ADV230001, ADV230002, CVE-2023-21526, CVE-2023-21756,
CVE-2023-32034, CVE-2023-32035, CVE-2023-32037, CVE-2023-32038,
CVE-2023-32039, CVE-2023-32040, CVE-2023-32041, CVE-2023-32042,
CVE-2023-32043, CVE-2023-32044, CVE-2023-32045, CVE-2023-32046,
CVE-2023-32049, CVE-2023-32053, CVE-2023-32054, CVE-2023-32055,
CVE-2023-32056, CVE-2023-32057, CVE-2023-32084, CVE-2023-32085,
CVE-2023-33154, CVE-2023-33155, CVE-2023-33164, CVE-2023-33166,
CVE-2023-33167, CVE-2023-33168, CVE-2023-33169, CVE-2023-33172,
CVE-2023-33173, CVE-2023-33174, CVE-2023-35296, CVE-2023-35297,
CVE-2023-35299, CVE-2023-35300, CVE-2023-35302, CVE-2023-35303,
CVE-2023-35304, CVE-2023-35305, CVE-2023-35306, CVE-2023-35308,
CVE-2023-35309, CVE-2023-35312, CVE-2023-35313, CVE-2023-35314,
CVE-2023-35315, CVE-2023-35316, CVE-2023-35318, CVE-2023-35319,
CVE-2023-35320, CVE-2023-35324, CVE-2023-35325, CVE-2023-35326,
CVE-2023-35328, CVE-2023-35329, CVE-2023-35330, CVE-2023-35332,
CVE-2023-35336, CVE-2023-35338, CVE-2023-35339, CVE-2023-35340,
CVE-2023-35341, CVE-2023-35342, CVE-2023-35343, CVE-2023-35353,
CVE-2023-35356, CVE-2023-35357, CVE-2023-35358, CVE-2023-35360,
CVE-2023-35361, CVE-2023-35362, CVE-2023-35363, CVE-2023-35364,
CVE-2023-35365, CVE-2023-35366, CVE-2023-35367, CVE-2023-36871,
CVE-2023-36874

[Windows 10 for x64-based Systems (Version21H2)]

Product
Name
Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H
Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H
Vulnerability
ID
ADV230001, ADV230002, CVE-2023-21526, CVE-2023-21756,
CVE-2023-32034, CVE-2023-32035, CVE-2023-32037, CVE-2023-32038,
CVE-2023-32039, CVE-2023-32040, CVE-2023-32041, CVE-2023-32042,
CVE-2023-32043, CVE-2023-32044, CVE-2023-32045, CVE-2023-32046,
CVE-2023-32049, CVE-2023-32053, CVE-2023-32054, CVE-2023-32055,
CVE-2023-32056, CVE-2023-32057, CVE-2023-32085, CVE-2023-33154,
CVE-2023-33155, CVE-2023-33164, CVE-2023-33166, CVE-2023-33167,
CVE-2023-33168, CVE-2023-33169, CVE-2023-33172, CVE-2023-33173,
CVE-2023-33174, CVE-2023-35296, CVE-2023-35297, CVE-2023-35299,
CVE-2023-35300, CVE-2023-35302, CVE-2023-35303, CVE-2023-35304,
CVE-2023-35305, CVE-2023-35306, CVE-2023-35308, CVE-2023-35309,
CVE-2023-35312, CVE-2023-35313, CVE-2023-35314, CVE-2023-35315,
CVE-2023-35316, CVE-2023-35318, CVE-2023-35319, CVE-2023-35320,
CVE-2023-35324, CVE-2023-35325, CVE-2023-35326, CVE-2023-35328,
CVE-2023-35329, CVE-2023-35330, CVE-2023-35332, CVE-2023-35336,
CVE-2023-35337, CVE-2023-35338, CVE-2023-35339, CVE-2023-35340,
CVE-2023-35341, CVE-2023-35342, CVE-2023-35343, CVE-2023-35347,
CVE-2023-35353, CVE-2023-35356, CVE-2023-35357, CVE-2023-35358,
CVE-2023-35360, CVE-2023-35361, CVE-2023-35362, CVE-2023-35363,
CVE-2023-35364, CVE-2023-35365, CVE-2023-35366, CVE-2023-35367,
CVE-2023-36871, CVE-2023-36874
Product
Name
Hitachi Virtual Storage Platform G1000, G1500
Hitachi Virtual Storage Platform F1500
Hitachi Virtual Storage Platform VX7
Vulnerability
ID
ADV230001, ADV230002, CVE-2023-21526, CVE-2023-21756,
CVE-2023-32034, CVE-2023-32035, CVE-2023-32038, CVE-2023-32039,
CVE-2023-32040, CVE-2023-32042, CVE-2023-32043, CVE-2023-32044,
CVE-2023-32045, CVE-2023-32046, CVE-2023-32053, CVE-2023-32054,
CVE-2023-32055, CVE-2023-32057, CVE-2023-32085, CVE-2023-33154,
CVE-2023-33164, CVE-2023-33166, CVE-2023-33167, CVE-2023-33168,
CVE-2023-33169, CVE-2023-33172, CVE-2023-33173, CVE-2023-33174,
CVE-2023-35296, CVE-2023-35297, CVE-2023-35299, CVE-2023-35300,
CVE-2023-35302, CVE-2023-35303, CVE-2023-35306, CVE-2023-35308,
CVE-2023-35309, CVE-2023-35312, CVE-2023-35313, CVE-2023-35314,
CVE-2023-35316, CVE-2023-35318, CVE-2023-35319, CVE-2023-35324,
CVE-2023-35325, CVE-2023-35328, CVE-2023-35329, CVE-2023-35330,
CVE-2023-35332, CVE-2023-35336, CVE-2023-35338, CVE-2023-35339,
CVE-2023-35340, CVE-2023-35341, CVE-2023-35342, CVE-2023-35360,
CVE-2023-35361, CVE-2023-35362, CVE-2023-35365, CVE-2023-35366,
CVE-2023-35367, CVE-2023-36871, CVE-2023-36874

The following products are not affected by the vulnerabilities:

  • Hitachi Virtual Storage Platform E590, E790, E990, E1090, E590H, E790H, E1090H
  • Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
  • Hitachi Virtual Storage Platform F350, F370, F700, F900
  • Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
  • Hitachi Virtual Storage Platform F400, F600, F800
  • Hitachi Virtual Storage Platform N400, N600, N800
  • Hitachi Universal Storage Platform V
  • Hitachi Universal Storage Platform VM
  • Hitachi Unified Storage 100
  • Hitachi Adaptable Modular Storage
  • Hitachi Workgroup Modular Storage
  • Hitachi Simple Modular Storage
  • Hitachi Virtual Storage Platform
  • Hitachi Virtual Storage Platform VP9500

Action to be taken

Software update.
Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

Revision history

  • September 21, 2023: This security information page is published.
  • Hitachi, Ltd. (hereinafter referred to as "Hitachi") tries to provide accurate information about security countermeasures. However, since information about security problems constantly changes, the contents of these Web pages are subject to change without prior notice. When referencing information, please confirm that you are referencing the latest information.
  • The Web pages include information about products that are developed by non-Hitachi software developers. Vulnerability information about those products is based on the information provided or disclosed by those developers. Although Hitachi is careful about the accuracy and completeness of this information, the contents of the Web pages may change depending on the changes made by the developers.
  • The Web pages are intended to provide vulnerability information only, and Hitachi shall not have any legal responsibility for the information contained in them. Hitachi shall not be liable for any consequences arising out of or in connection with the security countermeasures or other actions that you will take or have taken (or not taken) by yourself.
  • The links to other web sites are valid at the time of the release of the page. Although Hitachi makes an effort to maintain the links, Hitachi cannot guarantee their permanent availability.