Msrc Windows 11 Version 21H2 For X64-Based Systems vulnerabilities
270 known vulnerabilities affecting msrc/windows_11_version_21h2_for_x64-based_systems.
Total CVEs: 270
CISA KEV: 7 (actively exploited)
Public exploits: 5
Exploited in wild: 8
Severity breakdown
CRITICAL: 4
HIGH: 173
MEDIUM: 92
LOW: 1
Vulnerabilities
CVE-2024-43574 HIGH CVSS 8.3 2024-10-08
CVE-2024-43574 [HIGH] CWE-416 Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit a use after free vulnerability within the OS SAPI component to execute arbitrary code in the context of the compromised user to disclose sensitive information, compromise system integrity or impact th
msrc
CVE-2024-43584 HIGH CVSS 7.7 2024-10-08
CVE-2024-43584 [HIGH] CWE-693 Windows Scripting Engine Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
The Anti-Malware Scanning Interface implementation in the newer jscript9legacy.dll is not enabled when running in cscript/wscript, leading to a bypass.
Windows Scripting: Windows Scripting
Microsoft: Microsoft
Customer Action Required: Yes
msrc
CVE-2024-30092 HIGH CVSS 8.0 2024-10-08
CVE-2024-30092 [HIGH] CWE-20 Windows Hyper-V Remote Code Execution Vulnerability
FAQ: Under what circumstances might this vulnerability be exploited other than as a denial of service attack against a Hyper-V host?
This issue allows a guest VM to force the Hyper-V host's kernel to read from an arbitrary, potentially invalid address. The contents of the address read would not be returned to the guest VM. In most circumstances, this would result
msrc
CVE-2024-20659 HIGH CVSS 7.1 2024-10-08
CVE-2024-20659 [HIGH] CWE-20 Windows Hyper-V Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Successful exploitation of this vulnerability by an attacker requires a user to first reboot their machine.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
This Hypervisor vulnerability relates
msrc
CVE-2024-43533 HIGH CVSS 8.8 2024-10-08
CVE-2024-43533 [HIGH] CWE-416 Remote Desktop Client Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.
Remote Desktop Client: Remote Desktop Cli
msrc
CVE-2024-43529 HIGH CVSS 7.3 2024-10-08
CVE-2024-43529 [HIGH] CWE-822 Windows Print Spooler Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
A user with low privileges would need to initia
msrc
CVE-2024-43542 MEDIUM CVSS 6.5 2024-10-08
CVE-2024-43542 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Denial of Service Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Act
msrc
CVE-2024-43524 MEDIUM CVSS 6.8 2024-10-08
CVE-2024-43524 [MEDIUM] CWE-118 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?
An attacker needs physical access to the target computer to plug in a malicious USB drive.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Co
msrc
CVE-2024-43538 MEDIUM CVSS 6.5 2024-10-08
CVE-2024-43538 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Denial of Service Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Act
msrc
CVE-2024-43546 MEDIUM CVSS 5.6 2024-10-08
CVE-2024-43546 [MEDIUM] CWE-203 Windows Cryptographic Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of OAEP decrypt information. An attacker could read the contents of OAEP decrypt from a user mode process.
FAQ: According to the CVSS metric, successful ex
msrc
CVE-2024-43557 MEDIUM CVSS 6.5 2024-10-08
CVE-2024-43557 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Denial of Service Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Act
msrc
CVE-2024-43536 MEDIUM CVSS 6.8 2024-10-08
CVE-2024-43536 [MEDIUM] CWE-601 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?
An attacker needs physical access to the target computer to plug in a malicious USB drive.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Co
msrc
CVE-2024-43525 MEDIUM CVSS 6.8 2024-10-08
CVE-2024-43525 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?
An attacker needs physical access to the target computer to plug in a malicious USB drive.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Cod
msrc
CVE-2024-43555 MEDIUM CVSS 6.5 2024-10-08
CVE-2024-43555 [MEDIUM] CWE-125 Windows Mobile Broadband Driver Denial of Service Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Ac
msrc
CVE-2024-43523 MEDIUM CVSS 6.8 2024-10-08
CVE-2024-43523 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?
An attacker needs physical access to the target computer to plug in a malicious USB drive.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Cod
msrc
CVE-2024-43559 MEDIUM CVSS 6.5 2024-10-08
CVE-2024-43559 [MEDIUM] CWE-476 Windows Mobile Broadband Driver Denial of Service Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Ac
msrc
CVE-2024-43558 MEDIUM CVSS 6.5 2024-10-08
CVE-2024-43558 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Denial of Service Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Act
msrc
CVE-2024-43543 MEDIUM CVSS 6.8 2024-10-08
CVE-2024-43543 [MEDIUM] CWE-601 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?
An attacker needs physical access to the target computer to plug in a malicious USB drive.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Co
msrc
CVE-2024-43540 MEDIUM CVSS 6.5 2024-10-08
CVE-2024-43540 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Denial of Service Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Act
msrc
CVE-2024-43537 MEDIUM CVSS 6.5 2024-10-08
CVE-2024-43537 [MEDIUM] CWE-908 Windows Mobile Broadband Driver Denial of Service Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Ac
msrc