Msrc Windows 11 Version 21H2 vulnerabilities

CVE-2024-38127 [HIGH] CWE-126 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices

CVE-2024-38142 [HIGH] CWE-122 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Windows Secure Kernel Mode Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The

CVE-2024-38106 [HIGH] CWE-591 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerabilit

CVE-2024-38107 [HIGH] CWE-416 Windows Power Dependency Coordinator Elevation of Privilege Vulnerability Windows Power Dependency Coordinator Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Securit

CVE-2024-38153 [HIGH] CWE-367 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices th

CVE-2024-38133 [HIGH] CWE-138 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could r

CVE-2024-38117 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, privileges required is Low (PR:L). What does that mean for this vulnerability? To exploit this vulnerability an attacker must have an account with the User role a

CVE-2024-38144 [HIGH] CWE-190 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in t

CVE-2024-38131 [HIGH] CWE-591 Clipboard Virtual Channel Extension Remote Code Execution Vulnerability Clipboard Virtual Channel Extension Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. FAQ: According to the CVSS metric, the

CVE-2024-38191 [HIGH] CWE-362 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel-Mode Drivers: Windows Kernel-Mode Drivers Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege

CVE-2024-38215 [HIGH] CWE-190 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Cloud Files Mini Filter Driver: Windows Cloud Files Mini Filter Driver Microsoft: Microsoft Customer Action Required: Y

CVE-2024-38130 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and th

CVE-2024-38186 [HIGH] CWE-367 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel-Mode Drivers: Windows Kernel-Mode Drivers Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit St

CVE-2024-38180 [HIGH] CWE-693 Windows SmartScreen Security Feature Bypass Vulnerability Windows SmartScreen Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user needs to be tricked into running malicious files. FAQ: How could an attacker exploit this vulnerability? To exploit this security feature bypass vulnerability, an attacker would need to convince a user to launch malicious files u

CVE-2024-38193 [HIGH] CWE-416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows lis

CVE-2024-38136 [HIGH] CWE-416 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerabili

CVE-2024-38185 [HIGH] CWE-822 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel-Mode Drivers: Windows Kernel-Mode Drivers Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit St

CVE-2024-38141 [HIGH] CWE-416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows lis

CVE-2024-38132 [HIGH] CWE-125 Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT) Denial of Service Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities

CVE-2024-38178 [HIGH] CWE-843 Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an authenticated client to click a link so that an unauthenticated attacker can initiate remote code execution. FAQ: According to the CVSS metric, the attack complexity is high