MSRC Windows Server 2022 23H2 Edition vulnerabilities
1,038 known vulnerabilities affecting msrc/windows_server_2022_23h2_edition.
Total CVEs: 1,038
CISA KEV: 33 (actively exploited)
Public exploits: 14
Exploited in wild: 16
Severity breakdown: CRITICAL 12, HIGH 696, MEDIUM 326, LOW 4
Vulnerabilities
CVE-2024-37989 | HIGH | CVSS 8.0 | 2024-07-09
CVE-2024-37989 [HIGH] CWE-130 Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vuln
msrc
CVE-2024-38050 | HIGH | CVSS 7.8 | 2024-07-09
CVE-2024-38050 [HIGH] CWE-191 Windows Workstation Service Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
If successfully exploited, this vulnerability could cause attacker-controlled data on the heap to overwrite critical structures of the service, leading to arbitrary memory write or control flow hijacking, resulting in privilege escalation
W
msrc
CVE-2024-37974 | HIGH | CVSS 8.0 | 2024-07-09
CVE-2024-37974 [HIGH] CWE-191 Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized a
msrc
CVE-2024-38022 | HIGH | CVSS 7.0 | 2024-07-09
CVE-2024-38022 [HIGH] CWE-59 Windows Image Acquisition Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploi
msrc
CVE-2024-38060 | HIGH | CVSS 8.8 | 2024-07-09
CVE-2024-38060 [HIGH] CWE-122 Windows Imaging Component Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An authenticated attacker could exploit the vulnerability by uploading a malicious TIFF file to a server.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does
msrc
CVE-2024-37971 | HIGH | CVSS 8.0 | 2024-07-09
CVE-2024-37971 [HIGH] CWE-121 Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized a
msrc
CVE-2024-37970 | HIGH | CVSS 8.0 | 2024-07-09
CVE-2024-37970 [HIGH] CWE-121 Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized a
msrc
CVE-2024-38044 | HIGH | CVSS 7.2 | 2024-07-09
CVE-2024-38044 [HIGH] CWE-197 DHCP Server Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated DHCP Server privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
Windows D
msrc
CVE-2024-38031 | HIGH | CVSS 7.5 | 2024-07-09
CVE-2024-38031 [HIGH] CWE-400 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
Windows Online Certificate Status Protocol (OCSP): Windows Online Certificate Status Protocol (OCSP)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Referenc
msrc
CVE-2024-38059 | HIGH | CVSS 7.8 | 2024-07-09
CVE-2024-38059 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Win32K - ICOMP: Windows Win32K - ICOMP
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest So
msrc
CVE-2024-38033 | HIGH | CVSS 7.3 | 2024-07-09
CVE-2024-38033 [HIGH] CWE-20 PowerShell Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?
An authorized attacker with standard user privileges could place a malicious file and then wait for the privileged victim to run the calling command.
FAQ: What privileges could be gained by an attacker who successfully
msrc
CVE-2024-38010 | HIGH | CVSS 8.0 | 2024-07-09
CVE-2024-38010 [HIGH] CWE-130 Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vuln
msrc
CVE-2024-38047 | HIGH | CVSS 7.8 | 2024-07-09
CVE-2024-38047 [HIGH] CWE-20 PowerShell Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could elevate their user privileges from those of a restrained user to an unrestrained WDAC user.
Windows PowerShell: Windows PowerShell
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Priv
msrc
CVE-2024-38080 | HIGH | CVSS 7.8 | KEV | 2024-07-09
CVE-2024-38080 [HIGH] CWE-190 Windows Hyper-V Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Role: Windows Hyper-V: Role: Windows Hyper-V
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploi
msrc
CVE-2024-37981 | HIGH | CVSS 8.0 | 2024-07-09
CVE-2024-37981 [HIGH] CWE-191 Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vuln
msrc
CVE-2024-37984 | HIGH | CVSS 8.4 | 2024-07-09
CVE-2024-37984 [HIGH] CWE-121 Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
Windows Secure Boot: Windows Secure Boot
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Security Feature Bypass
Exploit Status: Publicly Disclosed: No; Exploited: No; Lates
msrc
CVE-2024-37975 | HIGH | CVSS 8.0 | 2024-07-09
CVE-2024-37975 [HIGH] CWE-191 Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated atta
msrc
CVE-2024-38112 | HIGH | CVSS 7.5 | KEV | 2024-07-09
CVE-2024-38112 [HIGH] CWE-451 Windows MSHTML Platform Spoofing Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user ha
msrc
CVE-2024-37969 | HIGH | CVSS 8.0 | 2024-07-09
CVE-2024-37969 [HIGH] CWE-822 Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated atta
msrc
CVE-2024-38013 | MEDIUM | CVSS 6.7 | 2024-07-09
CVE-2024-38013 [MEDIUM] CWE-59 Microsoft Windows Server Backup Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker would be able to delete any system files.
Windows Server Backup: Windows Server Backup
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploite
msrc