Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2024-43529 [HIGH] CWE-822 Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user with low privileges would need to initia

CVE-2024-43542 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Denial of Service Vulnerability Windows Mobile Broadband Driver Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Act

CVE-2024-43500 [MEDIUM] CWE-126 Windows Resilient File System (ReFS) Information Disclosure Vulnerability Windows Resilient File System (ReFS) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Windows Resilient File System (ReFS): Windows Resilient File System (ReFS) Microsoft: Microsoft Customer Action Required: Yes

CVE-2024-37982 [MEDIUM] CWE-822 Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Windows EFI Partition: Windows EFI Partition Microsoft: Microsoft Customer Action Required: Yes Impact: Security

CVE-2024-43573 [MEDIUM] CWE-79 Windows MSHTML Platform Spoofing Vulnerability Windows MSHTML Platform Spoofing Vulnerability FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows except Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. Why are IE Cumulative updates listed for Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Micr

CVE-2024-43524 [MEDIUM] CWE-118 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Windows Mobile Broadband Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Co

CVE-2024-43538 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Denial of Service Vulnerability Windows Mobile Broadband Driver Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Act

CVE-2024-43546 [MEDIUM] CWE-203 Windows Cryptographic Information Disclosure Vulnerability Windows Cryptographic Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of OAEP decrypt information. An attacker could read the contents of OAEP decrypt from a user mode process. FAQ: According to the CVSS metric, successful ex

CVE-2024-43557 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Denial of Service Vulnerability Windows Mobile Broadband Driver Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Act

CVE-2024-43456 [MEDIUM] CWE-284 Windows Remote Desktop Services Tampering Vulnerability Windows Remote Desktop Services Tampering Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. Windows Remote

CVE-2024-43513 [MEDIUM] CWE-693 BitLocker Security Feature Bypass Vulnerability BitLocker Security Feature Bypass Vulnerability FAQ: Is there a prerequisite for installing the security update? Yes. For Windows Server 2012 R2 only, to apply this update, you must have KB2919355 installed. FAQ: Are there additional steps that I need to take to be protected from this vulnerability? Depending on the version of Windows you are running, you might need to take additional steps to update Windows Recove

CVE-2024-43508 [MEDIUM] CWE-125 Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit S

CVE-2024-43536 [MEDIUM] CWE-601 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Windows Mobile Broadband Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Co

CVE-2024-43525 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Windows Mobile Broadband Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Cod

CVE-2024-43585 [MEDIUM] CWE-693 Code Integrity Guard Security Feature Bypass Vulnerability Code Integrity Guard Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could trick Windows Code Integrity Guard (CIG) into trusting the file the attacker altered to contain arbitrary content bypassing CIG integrity checks. FAQ: According to the CVSS metrics, su

CVE-2024-43555 [MEDIUM] CWE-125 Windows Mobile Broadband Driver Denial of Service Vulnerability Windows Mobile Broadband Driver Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Ac

CVE-2024-43523 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Windows Mobile Broadband Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Cod

CVE-2024-43559 [MEDIUM] CWE-476 Windows Mobile Broadband Driver Denial of Service Vulnerability Windows Mobile Broadband Driver Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Ac

CVE-2024-43558 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Denial of Service Vulnerability Windows Mobile Broadband Driver Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Act

CVE-2024-37976 [MEDIUM] CWE-190 Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Windows EFI Partition: Windows EFI Partition Microsoft: Microsoft Customer Action Required: Yes Impact: Security