Msrc Windows Server 2022 23H2 Edition vulnerabilities

1,038 known vulnerabilities affecting msrc/windows_server_2022_23h2_edition.

Total CVEs: 1,038
CISA KEV: 33 (actively exploited)
Public exploits: 14
Exploited in wild: 16
Severity breakdown: CRITICAL 12, HIGH 696, MEDIUM 326, LOW 4

Vulnerabilities

Page 33 of 52
CVE-2024-49087 | MEDIUM | CVSS 4.6 | 2024-12-10
CVE-2024-49087 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physi
msrc
CVE-2024-49109 | MEDIUM | CVSS 6.6 | 2024-12-10
CVE-2024-49109 [MEDIUM] CWE-125 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Wireless Wide Area Network Service: Windows Wireless Wide Area Network Service Microsoft: Microsoft Custo
msrc
CVE-2024-43639 | CRITICAL | CVSS 9.8 | 2024-11-12
CVE-2024-43639 [CRITICAL] CWE-197 Windows KDC Proxy Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target. FAQ: Is KDC Proxy Server service (KPSSVC) a dependency of KKDCP? The vulnerability only exists on the KPSSV
msrc
CVE-2024-49039 | HIGH | CVSS 8.8 | KEV | 2024-11-12
CVE-2024-49039 [HIGH] CWE-287 Windows Task Scheduler Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application on the target system to exploit the vulnerability and elevate their privileges to a Medium Integrity Level. FAQ: According to the CVSS metric, successful exploitation could lead to a scope c
msrc
CVE-2024-43642 | HIGH | CVSS 7.5 | 2024-11-12
CVE-2024-43642 [HIGH] CWE-416 Windows SMB Denial of Service Vulnerability Windows SMB: Windows SMB Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046617 Reference: https://support.microsoft.com/help/5046617 Reference: https://catalog.update.micr
msrc
CVE-2024-43629 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43629 [HIGH] CWE-822 Windows DWM Core Library Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Library: Windows DWM Core Library Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publ
msrc
CVE-2024-43630 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43630 [HIGH] CWE-121 Windows Kernel Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. FAQ: What privileges could be gained by an attacker who successfully exploited
msrc
CVE-2024-49019 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-49019 [HIGH] CWE-1390 Active Directory Certificate Services Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. FAQ: What types of certificates are vulnerable to this type of attack? Certificates created using a version 1 certifi
msrc
CVE-2024-43450 | HIGH | CVSS 7.5 | 2024-11-12
CVE-2024-43450 [HIGH] CWE-924 Windows DNS Spoofing Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. FAQ: According to the CVSS metric, user interaction is requ
msrc
CVE-2024-43625 | HIGH | CVSS 8.1 | 2024-11-12
CVE-2024-43625 [HIGH] CWE-416 Microsoft Windows VMSwitch Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environ
msrc
CVE-2024-43624 | HIGH | CVSS 8.8 | 2024-11-12
CVE-2024-43624 [HIGH] CWE-822 Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? This vulnerability requires an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to the hardware resources on the VM. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An
msrc
CVE-2024-43636 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-43636 [HIGH] CWE-822 Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Library: Windows DWM Core Library Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Lates
msrc
CVE-2024-43452 | HIGH | CVSS 7.5 | 2024-11-12
CVE-2024-43452 [HIGH] CWE-367 Windows Registry Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires a
msrc
CVE-2024-38264 | MEDIUM | CVSS 5.9 | 2024-11-12
CVE-2024-38264 [MEDIUM] CWE-591 Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Microsoft Virtual Hard Drive: Microsoft Virtual Hard Drive Microsoft: Microsoft Customer Action Required: Yes Impact: De
msrc
CVE-2024-43631 | MEDIUM | CVSS 6.7 | 2024-11-12
CVE-2024-43631 [MEDIUM] CWE-822 Windows Secure Kernel Mode Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Secure Kernel Mode: Windows Secure Kernel Mode Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit St
msrc
CVE-2024-43451 | MEDIUM | CVSS 6.5 | KEV | 2024-11-12
CVE-2024-43451 [MEDIUM] CWE-73 NTLM Hash Disclosure Spoofing Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability? This vulnerability discloses a user's NTLMv2 hash to the attacker who could use this to authenticate as the user. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction
msrc
CVE-2024-43449 | MEDIUM | CVSS 6.8 | 2024-11-12
CVE-2024-43449 [MEDIUM] CWE-125 Windows USB Video Class System Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. FAQ: What privileges could be gained by an attacker who successf
msrc
CVE-2024-43646 | MEDIUM | CVSS 6.7 | 2024-11-12
CVE-2024-43646 [MEDIUM] CWE-822 Windows Secure Kernel Mode Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Secure Kernel Mode: Windows Secure Kernel Mode Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit St
msrc
CVE-2024-38124 | CRITICAL | CVSS 9.0 | 2024-10-08
CVE-2024-38124 [CRITICAL] CWE-287 Windows Netlogon Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit
msrc
CVE-2024-43611 | HIGH | CVSS 8.8 | 2024-10-08
CVE-2024-43611 [HIGH] CWE-20 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker who successfully exploited this vulnerability could gain remote code execution (RCE) on the victim's machine. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol
msrc