Msrc Windows 11 Version 21H2 vulnerabilities

CVE-2024-20669 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploite

CVE-2024-20665 [MEDIUM] CWE-693 BitLocker Security Feature Bypass Vulnerability BitLocker Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited th

CVE-2024-26217 [MEDIUM] CWE-125 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Requ

CVE-2024-28922 [MEDIUM] CWE-284 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-28903 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-28901 [MEDIUM] CWE-126 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Requ

CVE-2024-26250 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-28921 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-26171 [MEDIUM] CWE-190 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-28900 [MEDIUM] CWE-126 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Requ

CVE-2024-28897 [MEDIUM] CWE-20 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Sec

CVE-2024-26209 [MEDIUM] CWE-908 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security A

CVE-2024-28924 [MEDIUM] CWE-121 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploite

CVE-2024-28902 [MEDIUM] CWE-126 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Requ

CVE-2024-28898 [MEDIUM] CWE-121 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized a

CVE-2024-26178 [HIGH] CWE-122 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest So

CVE-2024-21437 [HIGH] CWE-416 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit

CVE-2024-21441 [HIGH] CWE-190 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using th

CVE-2024-21450 [HIGH] CWE-190 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using th

CVE-2024-21440 [HIGH] CWE-197 Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is