Msrc Windows Server 2019 vulnerabilities

CVE-2024-30028 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. Windows Win32K - ICOMP: Windows Win32K - ICOMP Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploi

CVE-2024-29994 [HIGH] CWE-125 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successf

CVE-2024-30025 [HIGH] CWE-125 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Customer Action Required: Yes

CVE-2024-30010 [HIGH] CWE-23 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to be able to exploit this vulnerability. FAQ: How would an attacker exploit this vulnerability? An attacker who successfully exploited this vulnerability could send malformed packets to Hyper-V Replica endpoints on

CVE-2024-30051 [HIGH] CWE-122 Windows DWM Core Library Elevation of Privilege Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Library: Windows DWM Core Library Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publ

CVE-2024-30029 [HIGH] CWE-197 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. FAQ: According to the CVSS metric, th

CVE-2024-30014 [HIGH] CWE-197 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. FAQ: According to the CVSS metric, th

CVE-2024-30022 [HIGH] CWE-197 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. FAQ: According to the CVSS metric, th

CVE-2024-30018 [HIGH] CWE-59 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Sof

CVE-2024-30038 [HIGH] CWE-122 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. Windows Win32K - ICOMP: Windows Win32K - ICOMP Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploi

CVE-2024-30023 [HIGH] CWE-197 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. FAQ: According to the CVSS metric, th

CVE-2024-30027 [HIGH] CWE-415 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows NTFS: Windows NTFS Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitat

CVE-2024-30017 [HIGH] CWE-122 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to be able to exploit this vulnerability. FAQ: How would an attacker exploit this vulnerability? An attacker who successfully exploited this vulnerability could send malformed packets to Hyper-V Replica endpoints on

CVE-2024-30024 [HIGH] CWE-197 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on th

CVE-2024-30031 [HIGH] CWE-416 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Windows CNG Key Isolation Service Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean fo

CVE-2024-29998 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Windows Mobile Broadband Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Custo

CVE-2024-30008 [MEDIUM] CWE-191 Windows DWM Core Library Information Disclosure Vulnerability Windows DWM Core Library Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. Windows DWM Core Library: Windows DWM Core Library Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Ex

CVE-2024-29997 [MEDIUM] CWE-190 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Windows Mobile Broadband Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Cust

CVE-2024-30001 [MEDIUM] CWE-190 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Windows Mobile Broadband Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Cust

CVE-2024-30037 [MEDIUM] CWE-125 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.c