Msrc Windows Server 2008 R2 vulnerabilities

CVE-2024-43506 [HIGH] CWE-400 BranchCache Denial of Service Vulnerability BranchCache Denial of Service Vulnerability BranchCache: BranchCache Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044277 Reference: https://support.microsoft.com/help/5044277 Reference: https://catalog.update.micr

CVE-2024-43599 [HIGH] CWE-416 Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. Remote Desktop Client: Remote Desktop Cli

CVE-2024-43509 [HIGH] CWE-416 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit

CVE-2024-43553 [HIGH] CWE-822 NT OS Kernel Elevation of Privilege Vulnerability NT OS Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain Kernel Memory Access. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an att

CVE-2024-43535 [HIGH] CWE-416 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vuln

CVE-2024-43518 [HIGH] CWE-122 Windows Telephony Server Remote Code Execution Vulnerability Windows Telephony Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). Wh

CVE-2024-43583 [HIGH] CWE-250 Winlogon Elevation of Privilege Vulnerability Winlogon Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Are there any further actions I need to take to be protected from this vulnerability? Yes. To address this vulnerability, ensure that a Microsoft first-party Input Method Editor (IME)

CVE-2024-43572 [HIGH] CWE-707 Microsoft Management Console Remote Code Execution Vulnerability Microsoft Management Console Remote Code Execution Vulnerability FAQ: What does the security update provide to mitigate the risks associated with this vulnerability? The security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect customers against the risks associated with this vulnerability. FAQ: According to the CVSS metric, the attack vector is local (AV

CVE-2024-38149 [HIGH] CWE-400 BranchCache Denial of Service Vulnerability BranchCache Denial of Service Vulnerability BranchCache: BranchCache Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044277 Reference: https://support.microsoft.com/help/5044277 Reference: https://catalog.update.micr

CVE-2024-43532 [HIGH] CWE-636 Remote Registry Service Elevation of Privilege Vulnerability Remote Registry Service Elevation of Privilege Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host. This could result in elevation of privilege on the server. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerabilit

CVE-2024-43556 [HIGH] CWE-416 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit

CVE-2024-43501 [HIGH] CWE-59 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Customer Action Required: Yes I

CVE-2024-43519 [HIGH] CWE-197 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using th

CVE-2024-43515 [HIGH] CWE-400 Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability Internet Small Computer Systems Interface (iSCSI): Internet Small Computer Systems Interface (iSCSI) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://cat

CVE-2024-43534 [MEDIUM] CWE-125 Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malic

CVE-2024-43547 [MEDIUM] CWE-325 Windows Kerberos Information Disclosure Vulnerability Windows Kerberos Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. FAQ: According to the CVSS metric, the attack complexity is high (AC:H

CVE-2024-43570 [MEDIUM] CWE-416 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerabil

CVE-2024-43520 [MEDIUM] CWE-476 Windows Kernel Denial of Service Vulnerability Windows Kernel Denial of Service Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious input file and convince the user to open said input file. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? A

CVE-2024-30073 [HIGH] CWE-41 Windows Security Zone Mapping Security Feature Bypass Vulnerability Windows Security Zone Mapping Security Feature Bypass Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect t

CVE-2024-38247 [HIGH] CWE-415 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their ma