CVE-2024-37968 — Insufficient Verification of Data Authenticity in Microsoft Windows Server 2008 R2 Service Pack 1

CWE-345 — Insufficient Verification of Data Authenticity5 documents4 sources

Severity

7.5HIGHCNA

No vector

EPSS

8.1%

top 7.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

16

Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows Server 2008 Service Pack 2 Microsoft Windows Server 2012 +13 more

Timeline

PublishedAug 13

Description

Windows DNS Spoofing Vulnerability Windows DNS Spoofing Vulnerability

Affected Packages16 packages

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.25031

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.7259

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.6189

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.2655

▶CVEListV5microsoft/windows_server_2012_r26.3.9600.0 — 6.3.9600.22134

🔴Vulnerability Details

1

CVEList

Windows DNS Spoofing Vulnerability↗2024-08-13

▶

📋Vendor Advisories

1

Microsoft

Windows DNS Spoofing Vulnerability↗2024-08-13

▶

🕵️Threat Intelligence

3

Trendmicro

The August 2024 Security Update Review↗2024-08-13

▶

Bleepingcomputer

Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited↗2024-08-13

▶

Trendmicro

The August 2024 Security Update Review↗2024-08-13

▶

CVE-2024-37968 — Microsoft vulnerability | cvebase