Msrc Windows 10 Version 1607 vulnerabilities

CVE-2024-43554 [MEDIUM] CWE-212 Windows Kernel-Mode Driver Information Disclosure Vulnerability Windows Kernel-Mode Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Windows Kernel-Mode Drivers:

CVE-2024-43570 [MEDIUM] CWE-416 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerabil

CVE-2024-43520 [MEDIUM] CWE-476 Windows Kernel Denial of Service Vulnerability Windows Kernel Denial of Service Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious input file and convince the user to open said input file. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? A

CVE-2024-37983 [MEDIUM] CWE-822 Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Windows EFI Partition: Windows EFI Partition Microsoft: Microsoft Customer Action Required: Yes Impact: Security

CVE-2024-38240 [HIGH] CWE-125 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerab

CVE-2024-38238 [HIGH] CWE-122 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affec

CVE-2024-30073 [HIGH] CWE-41 Windows Security Zone Mapping Security Feature Bypass Vulnerability Windows Security Zone Mapping Security Feature Bypass Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect t

CVE-2024-38247 [HIGH] CWE-415 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their ma

CVE-2024-38244 [HIGH] CWE-20 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect

CVE-2024-38119 [HIGH] CWE-416 Windows Network Address Translation (NAT) Remote Code Execution Vulnerability Windows Network Address Translation (NAT) Remote Code Execution Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerab

CVE-2024-38014 [HIGH] CWE-269 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devi

CVE-2024-38243 [HIGH] CWE-20 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect

CVE-2024-38046 [HIGH] CWE-20 PowerShell Elevation of Privilege Vulnerability PowerShell Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could elevate their user privileges from those of a restrained user to an unrestrained WDAC user. FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed

CVE-2024-38241 [HIGH] CWE-20 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect

CVE-2024-38250 [HIGH] CWE-126 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit

CVE-2024-38242 [HIGH] CWE-122 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affec

CVE-2024-38252 [HIGH] CWE-416 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect

CVE-2024-38257 [HIGH] CWE-908 Microsoft AllJoyn API Information Disclosure Vulnerability Microsoft AllJoyn API Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows AllJoyn API: Windows AllJoyn API Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publi

CVE-2024-38245 [HIGH] CWE-20 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect

CVE-2024-38237 [HIGH] CWE-122 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulner