Msrc Windows 10 vulnerabilities

CVE-2024-43560 [HIGH] CWE-122 Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Storage Port Driver: Windows Storage Port Driver Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of

CVE-2024-43562 [HIGH] CWE-125 Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT): Windows Network Address Translation (NAT) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/sit

CVE-2024-43583 [HIGH] CWE-250 Winlogon Elevation of Privilege Vulnerability Winlogon Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Are there any further actions I need to take to be protected from this vulnerability? Yes. To address this vulnerability, ensure that a Microsoft first-party Input Method Editor (IME)

CVE-2024-43514 [HIGH] CWE-415 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows NTFS: Windows NTFS Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publ

CVE-2024-43572 [HIGH] CWE-707 Microsoft Management Console Remote Code Execution Vulnerability Microsoft Management Console Remote Code Execution Vulnerability FAQ: What does the security update provide to mitigate the risks associated with this vulnerability? The security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect customers against the risks associated with this vulnerability. FAQ: According to the CVSS metric, the attack vector is local (AV

CVE-2024-38149 [HIGH] CWE-400 BranchCache Denial of Service Vulnerability BranchCache Denial of Service Vulnerability BranchCache: BranchCache Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044277 Reference: https://support.microsoft.com/help/5044277 Reference: https://catalog.update.micr

CVE-2024-43563 [HIGH] CWE-591 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Ancillary Function Driver for WinSock: Windows Ancillary Function Driver for WinSock Microsoft: Microsoft

CVE-2024-43532 [HIGH] CWE-636 Remote Registry Service Elevation of Privilege Vulnerability Remote Registry Service Elevation of Privilege Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host. This could result in elevation of privilege on the server. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerabilit

CVE-2024-43556 [HIGH] CWE-416 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit

CVE-2024-43501 [HIGH] CWE-59 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Customer Action Required: Yes I

CVE-2024-43519 [HIGH] CWE-197 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using th

CVE-2024-43515 [HIGH] CWE-400 Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability Internet Small Computer Systems Interface (iSCSI): Internet Small Computer Systems Interface (iSCSI) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://cat

CVE-2024-43534 [MEDIUM] CWE-125 Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malic

CVE-2024-37982 [MEDIUM] CWE-822 Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Windows EFI Partition: Windows EFI Partition Microsoft: Microsoft Customer Action Required: Yes Impact: Security

CVE-2024-43573 [MEDIUM] CWE-79 Windows MSHTML Platform Spoofing Vulnerability Windows MSHTML Platform Spoofing Vulnerability FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows except Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. Why are IE Cumulative updates listed for Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Micr

CVE-2024-43513 [MEDIUM] CWE-693 BitLocker Security Feature Bypass Vulnerability BitLocker Security Feature Bypass Vulnerability FAQ: Is there a prerequisite for installing the security update? Yes. For Windows Server 2012 R2 only, to apply this update, you must have KB2919355 installed. FAQ: Are there additional steps that I need to take to be protected from this vulnerability? Depending on the version of Windows you are running, you might need to take additional steps to update Windows Recove

CVE-2024-43547 [MEDIUM] CWE-325 Windows Kerberos Information Disclosure Vulnerability Windows Kerberos Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. FAQ: According to the CVSS metric, the attack complexity is high (AC:H

CVE-2024-37976 [MEDIUM] CWE-190 Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Windows EFI Partition: Windows EFI Partition Microsoft: Microsoft Customer Action Required: Yes Impact: Security

CVE-2024-43554 [MEDIUM] CWE-212 Windows Kernel-Mode Driver Information Disclosure Vulnerability Windows Kernel-Mode Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Windows Kernel-Mode Drivers:

CVE-2024-43570 [MEDIUM] CWE-416 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerabil