CVE-2024-38256: Windows Kernel-Mode Driver Information Disclosure Vulnerability

CVE-2024-38256 [MEDIUM] CWE-908 GHSA-53qj-7827-7xqp: Windows Kernel-Mode Driver Information Disclosure Vulnerability Windows Kernel-Mode Driver Information Disclosure Vulnerability

CVE-2024-38256 [MEDIUM] CWE-908 Windows Kernel-Mode Driver Information Disclosure Vulnerability Windows Kernel-Mode Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Kernel-Mode Drivers: Windows Kernel-Mode Drivers Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043050 Reference: https://support.microsoft.com/help/5043050 Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043064 Reference: https://support.microsoft.com/help/5043064 Reference: https://catalog

[HIGH] Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws ## Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws ## Lawrence Abrams 30 Elevation of Privilege Vulnerabilities 4 Security Feature Bypass Vulnerabilities 23 Remote Code Execution Vulnerabilities 11 Information Disclosure Vulnerabilities 8 Denial of Service Vulnerabilities 3 Spoofing Vulnerabilities To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5043076 cumulative update and Windows 10 KB5043064 update . ## Four zero-days disclosed This month's Patch Tuesday fixes three actively exploited, one of which was publicly disclosed, and another that reintroduces old CVEs so is marked as exploited. Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited whil

The September 2024 Security Update Review # The September 2024 Security Update Review Get the September 2023 security update and review. By: Zero Day Initiative 2024/09/10 Read time: ( words) Save to Folio We’ve reached September and the pumpkin spice floats in the air. While they aren’t pumpkin-spiced, Microsoft and Adobe have released their latest spicy security patches – including some zesty 0-days. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for September 2024 For September, Adobe released eight bulletins covering 28 CVEs in Adobe Acrobat and Reader, ColdFusion, Photoshop, Media Encoder, Audition, After Effects, Premier Pro, and Illustrator.

[HIGH] The September 2024 Security Update Review ## The September 2024 Security Update Review Get the September 2023 security update and review. By: Zero Day Initiative 2024/09/10 Read time: ( words) Save to Folio We’ve reached September and the pumpkin spice floats in the air. While they aren’t pumpkin-spiced, Microsoft and Adobe have released their latest spicy security patches – including some zesty 0-days. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: CVE Title Severity CVSS Public Exploited XI Type CVE-2024-38217 Windows Mark of the Web Security Feature Bypass Vulnerability Important 5.4 Yes Yes 0 SFB CVE-2024-43491 † Microsoft Windows Update Remote