Msrc Windows Server 2012 R2 vulnerabilities
3,441 known vulnerabilities affecting msrc/windows_server_2012_r2.
Total CVEs: 3,441
CISA KEV: 141 (actively exploited)
Public exploits: 207
Exploited in wild: 131
Severity breakdown: CRITICAL 86, HIGH 2272, MEDIUM 1047, LOW 36
Vulnerabilities
Page 30 of 173
CVE-2024-49125 | HIGH | CVSS 8.8 | 2024-12-10
CVE-2024-49125 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain c
msrc
CVE-2024-49113 | HIGH | CVSS 7.5 | 2024-12-10
CVE-2024-49113 [HIGH] CWE-125 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Windows LDAP - Lightweight Directory Access Protocol: Windows LDAP - Lightweight Directory Access Protocol
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
Re
msrc
CVE-2024-49091 | HIGH | CVSS 7.2 | 2024-12-10
CVE-2024-49091 [HIGH] CWE-591 Windows Domain Name Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
Role
msrc
CVE-2024-49127 | HIGH | CVSS 8.1 | 2024-12-10
CVE-2024-49127 [HIGH] CWE-416 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: How could an attacker exploit this vulnerability?
An unauthenticated attacke
msrc
CVE-2024-49120 | HIGH | CVSS 8.1 | 2024-12-10
CVE-2024-49120 [HIGH] CWE-453 Windows Remote Desktop Services Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: How could an attacker exploit this vulnerability?
An attacker could successfully exploit this vulnerability by connect
msrc
CVE-2024-49104 | HIGH | CVSS 8.8 | 2024-12-10
CVE-2024-49104 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.
FAQ: Accordi
msrc
CVE-2024-49138 | HIGH | CVSS 7.8 | KEV | PoC | 2024-12-10
CVE-2024-49138 [HIGH] CWE-122 Windows Common Log File System Driver Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Common Log File System Driver: Windows Common Log File System Driver
Microsoft: Microsoft
Customer Action Required: Yes
msrc
CVE-2024-49089 | HIGH | CVSS 7.2 | 2024-12-10
CVE-2024-49089 [HIGH] CWE-190 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes ty
msrc
CVE-2024-49084 | HIGH | CVSS 7.0 | 2024-12-10
CVE-2024-49084 [HIGH] CWE-362 Windows Kernel Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerabilit
msrc
CVE-2024-49085 | HIGH | CVSS 8.8 | 2024-12-10
CVE-2024-49085 [HIGH] CWE-190 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.
Windows Rout
msrc
CVE-2024-49082 | MEDIUM | CVSS 6.8 | 2024-12-10
CVE-2024-49082 [MEDIUM] CWE-22 Windows File Explorer Information Disclosure Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed i
msrc
CVE-2024-43639 | CRITICAL | CVSS 9.8 | 2024-11-12
CVE-2024-43639 [CRITICAL] CWE-197 Windows KDC Proxy Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target.
FAQ: Is KDC Proxy Server service (KPSSVC) a dependency of KKDCP?
The vulnerability only exists on the KPSSV
msrc
CVE-2024-43621 | HIGH | CVSS 8.8 | 2024-11-12
CVE-2024-43621 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
FAQ: How could an attacker exploit
msrc
CVE-2024-43644 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43644 [HIGH] CWE-125 Windows Client-Side Caching Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Client-Side Caching (CSC) Service: Windows Client-Side Caching (CSC) Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elev
msrc
CVE-2024-43641 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43641 [HIGH] CWE-190 Windows Registry Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Registry: Windows Registry
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;L
msrc
CVE-2024-43620 | HIGH | CVSS 8.8 | 2024-11-12
CVE-2024-43620 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
FAQ: How could an attacker exploit
msrc
CVE-2024-43627 | HIGH | CVSS 8.8 | 2024-11-12
CVE-2024-43627 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
FAQ: How could an attacker exploit
msrc
CVE-2024-43626 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43626 [HIGH] CWE-122 Windows Telephony Service Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Telephony Service: Windows Telephony Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status:
msrc
CVE-2024-43623 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43623 [HIGH] CWE-190 Windows NT OS Kernel Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows NT OS Kernel: Windows NT OS Kernel
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:N
msrc
CVE-2024-43622 | HIGH | CVSS 8.8 | 2024-11-12
CVE-2024-43622 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
FAQ: How could an attacker exploit
msrc