Msrc Windows Server 2016 vulnerabilities

CVE-2024-38231 [MEDIUM] CWE-285 Windows Remote Desktop Licensing Service Denial of Service Vulnerability Windows Remote Desktop Licensing Service Denial of Service Vulnerability FAQ: Are there additional actions I need to take after I have installed the update? No action is required from customers who are using a single license server and who are not using workgroup-joined Windows Server 2008 terminal servers. Customers using multiple license servers should refer to Use multiple remote desktop

CVE-2024-38234 [MEDIUM] CWE-20 Windows Networking Denial of Service Vulnerability Windows Networking Denial of Service Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the

CVE-2024-38230 [MEDIUM] CWE-20 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service: Windows Standards-Based Storage Management Service Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference

CVE-2024-38217 [MEDIUM] CWE-693 Windows Mark of the Web Security Feature Bypass Vulnerability Windows Mark of the Web Security Feature Bypass Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker could host a file on an attacker-controlled server, then convince a targeted user to download and open the file. This could allow the attacker to interfere with the Mark of the Web functionality. Please see Additional information about Mark of th

CVE-2024-38235 [MEDIUM] CWE-416 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updat

CVE-2024-38258 [MEDIUM] CWE-23 Windows Remote Desktop Licensing Service Information Disclosure Vulnerability Windows Remote Desktop Licensing Service Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Windows Remote Desktop Licensing Service: Windows Remote Desktop Licensing Service Microsoft: Microsoft Cu

CVE-2024-43487 [MEDIUM] CWE-693 Windows Mark of the Web Security Feature Bypass Vulnerability Windows Mark of the Web Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send

CVE-2024-38256 [MEDIUM] CWE-908 Windows Kernel-Mode Driver Information Disclosure Vulnerability Windows Kernel-Mode Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Kernel-Mode Drivers: Windows Kernel-Mode Drivers Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Sta

CVE-2024-38254 [MEDIUM] CWE-908 Windows Authentication Information Disclosure Vulnerability Windows Authentication Information Disclosure Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine

CVE-2024-38140 [CRITICAL] CWE-416 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user. FAQ: Windows 11, vers

CVE-2024-38063 [CRITICAL] CWE-191 Windows TCP/IP Remote Code Execution Vulnerability Windows TCP/IP Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution. FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updat

CVE-2024-38159 [CRITICAL] CWE-416 Windows Network Virtualization Remote Code Execution Vulnerability Windows Network Virtualization Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average

CVE-2024-38160 [CRITICAL] CWE-122 Windows Network Virtualization Remote Code Execution Vulnerability Windows Network Virtualization Remote Code Execution Vulnerability FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content. FAQ: According to the CVSS metric, privileges required is high (PR:

CVE-2024-38199 [CRITICAL] CWE-416 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server. FAQ: Windows 11, versio

CVE-2024-38126 [HIGH] CWE-476 Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT) Denial of Service Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities

CVE-2022-2601 [HIGH] CWE-121 Redhat: CVE-2022-2601 grub2 - Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass Redhat: CVE-2022-2601 grub2 - Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2022-2601 FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in th

CVE-2024-38202 [HIGH] CWE-284 Windows Update Stack Elevation of Privilege Vulnerability Windows Update Stack Elevation of Privilege Vulnerability Description: Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerabil

CVE-2024-38146 [HIGH] CWE-476 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that aff

CVE-2024-38115 [HIGH] CWE-122 Windows IP Routing Management Snapin Remote Code Execution Vulnerability Windows IP Routing Management Snapin Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. FAQ: How coul

CVE-2024-38116 [HIGH] CWE-122 Windows IP Routing Management Snapin Remote Code Execution Vulnerability Windows IP Routing Management Snapin Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulne