Msrc Windows Server 2012 vulnerabilities

CVE-2024-26248 [HIGH] CWE-303 Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A

CVE-2024-26216 [HIGH] CWE-59 Windows File Server Resource Management Service Elevation of Privilege Vulnerability Windows File Server Resource Management Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker would only be able to delete targeted files on a system. FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the

CVE-2024-26240 [MEDIUM] CWE-20 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. FAQ: How could an attacker successfully exploit this vulnerability? To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target dev

CVE-2024-20689 [MEDIUM] CWE-121 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacke

CVE-2024-20678 [HIGH] CWE-843 Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an authenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. FAQ: According to the CVSS metric, privileges requir

CVE-2024-28919 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-26226 [MEDIUM] CWE-125 Windows Distributed File System (DFS) Information Disclosure Vulnerability Windows Distributed File System (DFS) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Windows Distributed File System (DFS): Windows Distributed File System (DFS) Microsoft: Microsoft Customer Acti

CVE-2024-26253 [MEDIUM] CWE-20 Windows rndismp6.sys Remote Code Execution Vulnerability Windows rndismp6.sys Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? An unauthenticated attacker needs to physically connect a specially crafted USB device to exploit this vulnerability. Windows Internet Connection Sharing (ICS): Windows Internet Connection Sharing (ICS) Microsoft: Microsoft Customer A

CVE-2024-26252 [MEDIUM] CWE-822 Windows rndismp6.sys Remote Code Execution Vulnerability Windows rndismp6.sys Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? An unauthenticated attacker needs to physically connect a specially crafted USB device to exploit this vulnerability. Windows Internet Connection Sharing (ICS): Windows Internet Connection Sharing (ICS) Microsoft: Microsoft Customer

CVE-2024-26234 [MEDIUM] CWE-284 Proxy Driver Spoofing Vulnerability Proxy Driver Spoofing Vulnerability Windows Proxy Driver: Windows Proxy Driver Microsoft: Microsoft Customer Action Required: Yes Impact: Spoofing Exploit Status: Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036896 Reference: https://support.microsoft.com/help/5036896 Reference: https://catalog.update.mi

CVE-2024-26183 [MEDIUM] CWE-476 Windows Kerberos Denial of Service Vulnerability Windows Kerberos Denial of Service Vulnerability Windows Kerberos: Windows Kerberos Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036896 Reference: https://support.microsoft.com/help/5036896 Referenc

CVE-2022-0001 [MEDIUM] CWE-1303 Intel: CVE-2022-0001 Branch History Injection Intel: CVE-2022-0001 Branch History Injection Description: This CVE was assigned by Intel. Please see CVE-2022-0001 on CVE.org for more information. FAQ: Why is this Intel CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain processor models offered by Intel and was initially disclosed March 8, 2022. Intel published updates April 9, 2024 and this CVE is being documented in t

CVE-2024-20669 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploite

CVE-2024-20665 [MEDIUM] CWE-693 BitLocker Security Feature Bypass Vulnerability BitLocker Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited th

CVE-2024-28922 [MEDIUM] CWE-284 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-28903 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-26250 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-28921 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-26171 [MEDIUM] CWE-190 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-28897 [MEDIUM] CWE-20 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Sec