Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2024-43543 [MEDIUM] CWE-601 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Windows Mobile Broadband Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Co

CVE-2024-43540 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Denial of Service Vulnerability Windows Mobile Broadband Driver Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Act

CVE-2024-43554 [MEDIUM] CWE-212 Windows Kernel-Mode Driver Information Disclosure Vulnerability Windows Kernel-Mode Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Windows Kernel-Mode Drivers:

CVE-2024-43537 [MEDIUM] CWE-908 Windows Mobile Broadband Driver Denial of Service Vulnerability Windows Mobile Broadband Driver Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Ac

CVE-2024-37983 [MEDIUM] CWE-822 Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Windows EFI Partition: Windows EFI Partition Microsoft: Microsoft Customer Action Required: Yes Impact: Security

CVE-2024-43526 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Windows Mobile Broadband Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Cod

CVE-2024-43561 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Denial of Service Vulnerability Windows Mobile Broadband Driver Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Windows Mobile Broadband: Windows Mobile Broadband Microsoft: Microsoft Customer Act

CVE-2024-38240 [HIGH] CWE-125 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerab

CVE-2024-38238 [HIGH] CWE-122 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affec

CVE-2024-43455 [HIGH] CWE-20 Windows Remote Desktop Licensing Service Spoofing Vulnerability Windows Remote Desktop Licensing Service Spoofing Vulnerability FAQ: How could an attacker exploit this vulnerability? To successfully exploit this vulnerability an attacker must send specially crafted requests to the Terminal Server Licensing Service, which must be running and accessible over the network. Windows Remote Desktop Licensing Service: Windows Remote Desktop Licensing Service Microsoft: Mi

CVE-2024-38263 [HIGH] CWE-591 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does

CVE-2024-38244 [HIGH] CWE-20 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect

CVE-2024-38119 [HIGH] CWE-416 Windows Network Address Translation (NAT) Remote Code Execution Vulnerability Windows Network Address Translation (NAT) Remote Code Execution Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerab

CVE-2024-38243 [HIGH] CWE-20 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect

CVE-2024-38046 [HIGH] CWE-20 PowerShell Elevation of Privilege Vulnerability PowerShell Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could elevate their user privileges from those of a restrained user to an unrestrained WDAC user. FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed

CVE-2024-21416 [HIGH] CWE-122 Windows TCP/IP Remote Code Execution Vulnerability Windows TCP/IP Remote Code Execution Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the u

CVE-2024-38241 [HIGH] CWE-20 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect

CVE-2024-38248 [HIGH] CWE-416 Windows Storage Elevation of Privilege Vulnerability Windows Storage Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install t

CVE-2024-43467 [HIGH] CWE-362 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulner

CVE-2024-38242 [HIGH] CWE-122 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affec