Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2024-49108 [HIGH] CWE-591 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connect

CVE-2024-49095 [HIGH] CWE-591 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vu

CVE-2024-49091 [HIGH] CWE-591 Windows Domain Name Service Remote Code Execution Vulnerability Windows Domain Name Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted. Role

CVE-2024-49116 [HIGH] CWE-416 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connect

CVE-2024-49120 [HIGH] CWE-453 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connect

CVE-2024-49123 [HIGH] CWE-591 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. FAQ: According to the CVSS metric, t

CVE-2024-49085 [HIGH] CWE-190 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Windows Rout

CVE-2024-49103 [MEDIUM] CWE-191 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. Windows Wireless Wide Area Network Service: Windows Wireless Wide Area Network Service Microsoft: Microsoft Customer Acti

CVE-2024-49077 [MEDIUM] CWE-191 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physic

CVE-2024-49099 [MEDIUM] CWE-125 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An att

CVE-2024-49078 [MEDIUM] CWE-190 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who succe

CVE-2024-49094 [MEDIUM] CWE-122 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Wireless Wide Area Network Service: Windows Wireless Wide Area Network Service Microsoft: Microsoft Custo

CVE-2024-49110 [MEDIUM] CWE-125 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who succe

CVE-2024-49092 [MEDIUM] CWE-125 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who succe

CVE-2024-49098 [MEDIUM] CWE-125 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What type of information could be disclosed by this vulnerability? Exploi

CVE-2024-49083 [MEDIUM] CWE-125 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physic

CVE-2024-49073 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who succes

CVE-2024-49081 [MEDIUM] CWE-122 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Wireless Wide Area Network Service: Windows Wireless Wide Area Network Service Microsoft: Microsoft Custo

CVE-2024-49111 [MEDIUM] CWE-125 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an attacker needs physical access to the victim's machine. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerabili

CVE-2024-49101 [MEDIUM] CWE-125 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Wireless Wide Area Network Service: Windows Wireless Wide Area Network Service Microsoft: Microsoft Custo