Msrc Windows Server 2016 vulnerabilities

CVE-2024-20683 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K: Windows Win32K Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:E

CVE-2024-20657 [HIGH] CWE-284 Windows Group Policy Elevation of Privilege Vulnerability Windows Group Policy Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this

CVE-2024-20663 [MEDIUM] CWE-822 Windows Message Queuing Client (MSMQC) Information Disclosure Windows Message Queuing Client (MSMQC) Information Disclosure FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicl

CVE-2024-21314 [MEDIUM] CWE-125 Microsoft Message Queuing Information Disclosure Vulnerability Microsoft Message Queuing Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publi

CVE-2024-20692 [MEDIUM] CWE-326 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by convincing, or waiting for, a user to connect to an Active Directory Domain Controller and then stealing network secrets. When the vulnerability is successfully exploited this could all

CVE-2024-20694 [MEDIUM] CWE-908 Windows CoreMessaging Information Disclosure Vulnerability Windows CoreMessaging Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory. Windows Collaborative Translation Framework: Windows Collaborative Translation Framework Microsoft: Microsoft Customer Action Required: Yes Impact: Information

CVE-2024-21320 [MEDIUM] CWE-200 Windows Themes Spoofing Vulnerability Windows Themes Spoofing Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open t

CVE-2024-20680 [MEDIUM] CWE-822 Windows Message Queuing Client (MSMQC) Information Disclosure Windows Message Queuing Client (MSMQC) Information Disclosure FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicl

CVE-2024-21311 [MEDIUM] CWE-125 Windows Cryptographic Services Information Disclosure Vulnerability Windows Cryptographic Services Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: How could an attacker exploit this vulnerability? For successful exploitation, a locally authenticated attacker needs to send a specially cra

CVE-2024-20662 [MEDIUM] CWE-843 Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is remote heap memory. FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean f

CVE-2024-21313 [MEDIUM] CWE-209 Windows TCP/IP Information Disclosure Vulnerability Windows TCP/IP Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the unencrypted contents of IPsec packets from other sessions on a server. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulne

CVE-2024-21316 [MEDIUM] CWE-20 Windows Server Key Distribution Service Security Feature Bypass Windows Server Key Distribution Service Security Feature Bypass FAQ: How can an attacker successfully exploit this vulnerability? This vulnerability can be exploited when an attacker with admin privileges creates an x509 certificate with an MD5 property, which causes certificate validation to fail with no further validation checks. Windows Server Key Distribution Service: Windows Server Key Distribut

CVE-2024-20666 [MEDIUM] CWE-20 BitLocker Security Feature Bypass Vulnerability BitLocker Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. FAQ: Are there additional steps that I need to take

CVE-2024-20664 [MEDIUM] CWE-822 Microsoft Message Queuing Information Disclosure Vulnerability Microsoft Message Queuing Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publi

CVE-2024-20660 [MEDIUM] CWE-125 Microsoft Message Queuing Information Disclosure Vulnerability Microsoft Message Queuing Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publi

CVE-2024-20655 [MEDIUM] CWE-416 Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: According to the CVSS metric, privileges required is high (PR:H). What does

CVE-2024-20691 [MEDIUM] CWE-125 Windows Themes Information Disclosure Vulnerability Windows Themes Information Disclosure Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninit

CVE-2023-35622 [HIGH] Windows DNS Spoofing Vulnerability Windows DNS Spoofing Vulnerability Microsoft Windows DNS: Microsoft Windows DNS Microsoft: Microsoft Customer Action Required: Yes Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371 Reference: https://support.microsoft.com/help/5033371 Reference: https://catalog.update.microsoft.c

CVE-2023-35638 [HIGH] CWE-126 DHCP Server Service Denial of Service Vulnerability DHCP Server Service Denial of Service Vulnerability Windows DHCP Server: Windows DHCP Server Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371 Reference: https://support.microsoft.com/help/5033371

CVE-2023-20588 [MEDIUM] AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice FAQ: Why is this AMD CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protec