Msrc Windows 10 vulnerabilities

CVE-2024-38068 [HIGH] CWE-400 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Windows Online Certificate Status Protocol (OCSP): Windows Online Certificate Status Protocol (OCSP) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Referenc

CVE-2024-37972 [HIGH] CWE-121 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited t

CVE-2024-38052 [HIGH] CWE-20 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Streaming Service: Microsoft Streaming Service Microsoft: Microsoft Customer Action Required: Yes Impact: Eleva

CVE-2024-38025 [HIGH] CWE-122 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, a victim machine must be running a performance counter collection tool such as Performance Monitor to collect performance counter data from an attacker machine. An attacker with local admin authority on the atta

CVE-2024-37973 [HIGH] CWE-674 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An unauthenticated attacker with LAN access could exploit this vulnerability. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Se

CVE-2024-38028 [HIGH] CWE-125 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, a victim machine must be running a performance counter collection tool such as Performance Monitor to collect performance counter data from an attacker machine. An attacker with local admin authority on the atta

CVE-2024-30081 [HIGH] CWE-200 Windows NTLM Spoofing Vulnerability Windows NTLM Spoofing Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. Windows NTLM: Windows NTLM Microsoft: Microsoft Customer Action Required: Yes Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Le

CVE-2024-38104 [HIGH] CWE-822 Windows Fax Service Remote Code Execution Vulnerability Windows Fax Service Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker with normal user privileges that has already compromised a fax server, to which the victim is connected, can exploit this vulnerability to execute arbitrary code on the victim machine. Windows Fax and Scan Service: Windows Fax and Scan Service Microsoft: Microsoft Customer

CVE-2024-37989 [HIGH] CWE-130 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An unauthenticated attacker with LAN access could exploit this vuln

CVE-2024-38050 [HIGH] CWE-191 Windows Workstation Service Elevation of Privilege Vulnerability Windows Workstation Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? If successfully exploited, this vulnerability could case attacker-controlled data on the heap to overwrite critical structures of the service, leading to arbitrary memory write or control flow hijacking, resulting in privilege escalation W

CVE-2024-37974 [HIGH] CWE-191 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An unauthenticated attacker with LAN access could exploit this vulnerability. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized a

CVE-2024-38064 [HIGH] CWE-908 Windows TCP/IP Information Disclosure Vulnerability Windows TCP/IP Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows TCP/IP: Windows TCP/IP Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Softw

CVE-2024-38022 [HIGH] CWE-59 Windows Image Acquisition Elevation of Privilege Vulnerability Windows Image Acquisition Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploi

CVE-2024-38060 [HIGH] CWE-122 Windows Imaging Component Remote Code Execution Vulnerability Windows Imaging Component Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could exploit the vulnerability by uploading a malicious TIFF file to a server. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does

CVE-2024-39684 [HIGH] CWE-190 Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which inc

CVE-2024-38066 [HIGH] CWE-416 Windows Win32k Elevation of Privilege Vulnerability Windows Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K - GRFX: Windows Win32K - GRFX Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploite

CVE-2024-37971 [HIGH] CWE-121 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An unauthenticated attacker with LAN access could exploit this vulnerability. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized a

CVE-2024-38051 [HIGH] CWE-122 Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example

CVE-2024-37970 [HIGH] CWE-121 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An unauthenticated attacker with LAN access could exploit this vulnerability. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized a

CVE-2024-38033 [HIGH] CWE-20 PowerShell Elevation of Privilege Vulnerability PowerShell Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authorized attacker with standard user privileges could place a malicious file and then wait for the privileged victim to run the calling command. FAQ: What privileges could be gained by an attacker who successfully