Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2024-26184 [MEDIUM] CWE-190 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires a

CVE-2024-38065 [MEDIUM] CWE-122 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Windows Secure Boot: Windows Secure Boot Microsoft: Microsoft Customer Action Required: Yes Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exploited:No;Lat

CVE-2024-38101 [MEDIUM] CWE-125 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability FAQ: According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same n

CVE-2024-38056 [MEDIUM] CWE-125 Microsoft Windows Codecs Library Information Disclosure Vulnerability Microsoft Windows Codecs Library Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Microsoft Windows Codecs Library: Microsoft Windows Codecs Library Microsoft: Microsoft Customer Action Required: Yes Impact: Information D

CVE-2024-38041 [MEDIUM] CWE-200 Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is one byte of kernel memory could be leaked back to the attacker. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure E

CVE-2024-38102 [MEDIUM] CWE-125 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability FAQ: According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same n

CVE-2024-38058 [MEDIUM] CWE-693 BitLocker Security Feature Bypass Vulnerability BitLocker Security Feature Bypass Vulnerability FAQ: Why was the fix for this vulnerability disabled and how can I apply protections to address this issue? When customers applied the fix for this vulnerability to their devices, we received feedback about firmware incompatibility issues that were causing BitLocker to go into recovery mode on some devices. As a result, with the release of the August 2024 security upda

CVE-2024-38105 [MEDIUM] CWE-20 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability FAQ: According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same ne

CVE-2024-30071 [MEDIUM] CWE-126 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: What type of information could be dis

CVE-2024-30088 [HIGH] CWE-367 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an at

CVE-2024-30089 [HIGH] CWE-416 Microsoft Streaming Service Elevation of Privilege Vulnerability Microsoft Streaming Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Streaming Service: Microsoft Streaming Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit

CVE-2024-30068 [HIGH] CWE-125 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack coul

CVE-2024-30064 [HIGH] CWE-190 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information. FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, a

CVE-2023-50868 [HIGH] MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU FAQ: Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)? CVE-2023-50868 is regarding a vulnerability in DNSSEC validation where an attacker could exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. MITRE created this C

CVE-2024-30086 [HIGH] CWE-416 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32 Kernel Subsystem: Windows Win32 Kernel Subsystem Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privile

CVE-2024-30085 [HIGH] CWE-122 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Cloud Files Mini Filter Driver: Windows Cloud Files Mini Filter Driver Microsoft: Microsoft Customer Action Required: Y

CVE-2024-30099 [HIGH] CWE-367 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an at

CVE-2024-30097 [HIGH] CWE-415 Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. FAQ: How could an attacker exploit this vulnerabilit

CVE-2024-30072 [HIGH] CWE-190 Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote

CVE-2024-30066 [MEDIUM] CWE-122 Winlogon Elevation of Privilege Vulnerability Winlogon Elevation of Privilege Vulnerability FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean for this vulnerability? An authenticated attacker could replace valid file content with specially crafted file content. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attack