Msrc Windows 11 Version 21H2 vulnerabilities

CVE-2024-30087 [HIGH] CWE-20 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would gain the rights of the user that is running the affected application. Windows Win32K - GRFX: Windows Win32K - GRFX Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Softw

CVE-2024-30086 [HIGH] CWE-416 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32 Kernel Subsystem: Windows Win32 Kernel Subsystem Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privile

CVE-2024-30093 [HIGH] CWE-59 Windows Storage Elevation of Privilege Vulnerability Windows Storage Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metrics, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authenticated atta

CVE-2024-30095 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attac

CVE-2024-30094 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attac

CVE-2024-30077 [HIGH] CWE-122 Windows OLE Remote Code Execution Vulnerability Windows OLE Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution

CVE-2024-30099 [HIGH] CWE-367 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an at

CVE-2024-30078 [HIGH] CWE-20 Windows Wi-Fi Driver Remote Code Execution Vulnerability Windows Wi-Fi Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. FAQ: How could an attacker exploit the vulnerability? An unauthenticated attacker could send a malicio

CVE-2024-30082 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K - GRFX: Windows Win32K - GRFX Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Soft

CVE-2024-30091 [HIGH] CWE-122 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K - GRFX: Windows Win32K - GRFX Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Soft

CVE-2024-30097 [HIGH] CWE-415 Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. FAQ: How could an attacker exploit this vulnerabilit

CVE-2024-30090 [HIGH] CWE-822 Microsoft Streaming Service Elevation of Privilege Vulnerability Microsoft Streaming Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vu

CVE-2024-30066 [MEDIUM] CWE-122 Winlogon Elevation of Privilege Vulnerability Winlogon Elevation of Privilege Vulnerability FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean for this vulnerability? An authenticated attacker could replace valid file content with specially crafted file content. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attack

CVE-2024-30067 [MEDIUM] CWE-190 Winlogon Elevation of Privilege Vulnerability Winlogon Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean for this vulnerability?

CVE-2024-30069 [MEDIUM] CWE-126 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successfu

CVE-2024-30065 [MEDIUM] CWE-59 Windows Themes Denial of Service Vulnerability Windows Themes Denial of Service Vulnerability Windows Themes: Windows Themes Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039217 Reference: https://support.microsoft.com/help/5039217 Reference: https://catalo

CVE-2024-30063 [MEDIUM] CWE-641 Windows Distributed File System (DFS) Remote Code Execution Vulnerability Windows Distributed File System (DFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability could be triggered when a user connects a Windows client to a malicious server. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vuln

CVE-2024-30006 [HIGH] CWE-416 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to e

CVE-2024-30049 [HIGH] CWE-416 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K - ICOMP: Windows Win32K - ICOMP Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Stat

CVE-2024-30009 [HIGH] CWE-197 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on th