MSRC Windows Server 2019 vulnerabilities
4,184 known vulnerabilities affecting msrc/windows_server_2019.
Total CVEs: 4,184
CISA KEV: 151 (actively exploited)
Public exploits: 120
Exploited in wild: 142
Severity breakdown: CRITICAL 90, HIGH 2890, MEDIUM 1182, LOW 22
Vulnerabilities
CVE-2024-49082 | MEDIUM | CVSS 6.8 | 2024-12-10
CVE-2024-49082 [MEDIUM] CWE-22 Windows File Explorer Information Disclosure Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed i
msrc
CVE-2024-49109 | MEDIUM | CVSS 6.6 | 2024-12-10
CVE-2024-49109 [MEDIUM] CWE-125 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Wireless Wide Area Network Service: Windows Wireless Wide Area Network Service
Microsoft: Microsoft
Custo
msrc
CVE-2024-43639 | CRITICAL | CVSS 9.8 | 2024-11-12
CVE-2024-43639 [CRITICAL] CWE-197 Windows KDC Proxy Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target.
FAQ: Is KDC Proxy Server service (KPSSVC) a dependency of KKDCP?
The vulnerability only exists on the KPSSV
msrc
CVE-2024-43621 | HIGH | CVSS 8.8 | 2024-11-12
CVE-2024-43621 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
FAQ: How could an attacker exploit
msrc
CVE-2024-43644 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43644 [HIGH] CWE-125 Windows Client-Side Caching Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Client-Side Caching (CSC) Service: Windows Client-Side Caching (CSC) Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elev
msrc
CVE-2024-43641 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43641 [HIGH] CWE-190 Windows Registry Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Registry: Windows Registry
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;L
msrc
CVE-2024-49039 | HIGH | CVSS 8.8 | KEV | 2024-11-12
CVE-2024-49039 [HIGH] CWE-287 Windows Task Scheduler Elevation of Privilege Vulnerability
FAQ: How could an attacker exploit this vulnerability?
To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application on the target system and exploit the vulnerability to elevate their privileges to a Medium Integrity Level.
FAQ: According to the CVSS metric, successful exploitation could lead to a scope c
msrc
CVE-2024-43620 | HIGH | CVSS 8.8 | 2024-11-12
CVE-2024-43620 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
FAQ: How could an attacker exploit
msrc
CVE-2024-43629 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43629 [HIGH] CWE-822 Windows DWM Core Library Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows DWM Core Library: Windows DWM Core Library
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publ
msrc
CVE-2024-43627 | HIGH | CVSS 8.8 | 2024-11-12
CVE-2024-43627 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
FAQ: How could an attacker exploit
msrc
CVE-2024-43626 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43626 [HIGH] CWE-122 Windows Telephony Service Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Telephony Service: Windows Telephony Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status:
msrc
CVE-2024-43623 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43623 [HIGH] CWE-190 Windows NT OS Kernel Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows NT OS Kernel: Windows NT OS Kernel
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:N
msrc
CVE-2024-43622 | HIGH | CVSS 8.8 | 2024-11-12
CVE-2024-43622 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
FAQ: How could an attacker exploit
msrc
CVE-2024-49046 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-49046 [HIGH] CWE-367 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Win32 Kernel Subsystem: Windows Win32 Kernel Subsystem
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privile
msrc
CVE-2024-43628 | HIGH | CVSS 8.8 | 2024-11-12
CVE-2024-43628 [HIGH] CWE-190 Windows Telephony Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
FAQ: How could an attacker exploit
msrc
CVE-2024-49019 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-49019 [HIGH] CWE-1390 Active Directory Certificate Services Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain domain administrator privileges.
FAQ: What types of certificates are vulnerable to this type of attack?
Certificates created using a version 1 certifi
msrc
CVE-2024-43635 | HIGH | CVSS 8.8 | 2024-11-12
CVE-2024-43635 [HIGH] CWE-190 Windows Telephony Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
FAQ: How could an attacker exploit
msrc
CVE-2024-43450 | HIGH | CVSS 7.5 | 2024-11-12
CVE-2024-43450 [HIGH] CWE-924 Windows DNS Spoofing Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.
FAQ: According to the CVSS metric, user interaction is requ
msrc
CVE-2024-43624 | HIGH | CVSS 8.8 | 2024-11-12
CVE-2024-43624 [HIGH] CWE-822 Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
FAQ: How could an attacker exploit this vulnerability?
This vulnerability requires an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to the hardware resources on the VM.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An
msrc
CVE-2024-43636 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43636 [HIGH] CWE-822 Win32k Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows DWM Core Library: Windows DWM Core Library
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Lates
msrc