Msrc Windows Server 2022 23H2 Edition vulnerabilities
1,038 known vulnerabilities affecting msrc/windows_server_2022_23h2_edition.
Total CVEs: 1,038
CISA KEV: 33 (actively exploited)
Public exploits: 14
Exploited in wild: 16
Severity breakdown: CRITICAL 12, HIGH 696, MEDIUM 326, LOW 4
Vulnerabilities
Page 44 of 52
CVE-2024-30096 | MEDIUM | CVSS 5.5 | 2024-06-11
CVE-2024-30096 [MEDIUM] CWE-200 Windows Cryptographic Services Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets.
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vul
msrc
CVE-2024-30067 | MEDIUM | CVSS 5.5 | 2024-06-11
CVE-2024-30067 [MEDIUM] CWE-190 Winlogon Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean for this vulnerability?
msrc
CVE-2024-30069 | MEDIUM | CVSS 4.7 | 2024-06-11
CVE-2024-30069 [MEDIUM] CWE-126 Windows Remote Access Connection Manager Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successfu
msrc
CVE-2024-30065 | MEDIUM | CVSS 5.5 | 2024-06-11
CVE-2024-30065 [MEDIUM] CWE-59 Windows Themes Denial of Service Vulnerability
Windows Themes: Windows Themes
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039217
Reference: https://support.microsoft.com/help/5039217
Reference: https://catalo
msrc
CVE-2024-30076 | MEDIUM | CVSS 6.8 | 2024-06-11
CVE-2024-30076 [MEDIUM] CWE-59 Windows Container Manager Service Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who s
msrc
CVE-2024-30032 | HIGH | CVSS 7.8 | 2024-05-14
CVE-2024-30032 [HIGH] CWE-416 Windows DWM Core Library Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows DWM Core Library: Windows DWM Core Library
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publ
msrc
CVE-2024-30035 | HIGH | CVSS 7.8 | 2024-05-14
CVE-2024-30035 [HIGH] CWE-416 Windows DWM Core Library Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows DWM Core Library: Windows DWM Core Library
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publ
msrc
CVE-2024-30040 | HIGH | CVSS 8.8 | KEV | 2024-05-14
CVE-2024-30040 [HIGH] CWE-20 Windows MSHTML Platform Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have
msrc
CVE-2024-29994 | HIGH | CVSS 7.8 | 2024-05-14
CVE-2024-29994 [HIGH] CWE-125 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successf
msrc
CVE-2024-30010 | HIGH | CVSS 8.8 | 2024-05-14
CVE-2024-30010 [HIGH] CWE-23 Windows Hyper-V Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated to be able to exploit this vulnerability.
FAQ: How would an attacker exploit this vulnerability?
An attacker who successfully exploited this vulnerability could send malformed packets to Hyper-V Replica endpoints on
msrc
CVE-2024-30007 | HIGH | CVSS 8.8 | 2024-05-14
CVE-2024-30007 [HIGH] CWE-269 Microsoft Brokering File System Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could potentially gain the ability to authenticate against a remote host using the current user’s credentials.
FAQ: How could an attacker exploit this vulnerability?
An attac
msrc
CVE-2024-30018 | HIGH | CVSS 7.8 | 2024-05-14
CVE-2024-30018 [HIGH] CWE-59 Windows Kernel Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Kernel: Windows Kernel
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Sof
msrc
CVE-2024-30038 | HIGH | CVSS 7.8 | PoC | 2024-05-14
CVE-2024-30038 [HIGH] CWE-122 Win32k Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver.
Windows Win32K - ICOMP: Windows Win32K - ICOMP
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploi
msrc
CVE-2024-30017 | HIGH | CVSS 8.8 | 2024-05-14
CVE-2024-30017 [HIGH] CWE-122 Windows Hyper-V Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated to be able to exploit this vulnerability.
FAQ: How would an attacker exploit this vulnerability?
An attacker who successfully exploited this vulnerability could send malformed packets to Hyper-V Replica endpoints on
msrc
CVE-2024-29998 | MEDIUM | CVSS 6.8 | 2024-05-14
CVE-2024-29998 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?
To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Custo
msrc
CVE-2024-30008 | MEDIUM | CVSS 5.5 | 2024-05-14
CVE-2024-30008 [MEDIUM] CWE-191 Windows DWM Core Library Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.
Windows DWM Core Library: Windows DWM Core Library
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Ex
msrc
CVE-2024-29997 | MEDIUM | CVSS 6.8 | 2024-05-14
CVE-2024-29997 [MEDIUM] CWE-190 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?
To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Cust
msrc
CVE-2024-30001 | MEDIUM | CVSS 6.8 | 2024-05-14
CVE-2024-30001 [MEDIUM] CWE-190 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?
To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Cust
msrc
CVE-2024-30000 | MEDIUM | CVSS 6.8 | 2024-05-14
CVE-2024-30000 [MEDIUM] CWE-190 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?
To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Cust
msrc
CVE-2024-30002 | MEDIUM | CVSS 6.8 | 2024-05-14
CVE-2024-30002 [MEDIUM] CWE-20 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?
To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Custo
msrc