Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2024-26189 [MEDIUM] CWE-20 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Sec

CVE-2024-28907 [HIGH] CWE-59 Microsoft Brokering File System Elevation of Privilege Vulnerability Microsoft Brokering File System Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment. FAQ: What privileges could be

CVE-2024-28905 [HIGH] CWE-269 Microsoft Brokering File System Elevation of Privilege Vulnerability Microsoft Brokering File System Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an in

CVE-2024-26216 [HIGH] CWE-59 Windows File Server Resource Management Service Elevation of Privilege Vulnerability Windows File Server Resource Management Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker would only be able to delete targeted files on a system. FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the

CVE-2024-21447 [HIGH] CWE-59 Windows Authentication Elevation of Privilege Vulnerability Windows Authentication Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Authentication Methods: Windows Authentication Methods Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Statu

CVE-2024-26219 [HIGH] CWE-476 HTTP.sys Denial of Service Vulnerability HTTP.sys Denial of Service Vulnerability Windows HTTP.sys: Windows HTTP.sys Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036896 Reference: https://support.microsoft.com/help/5036896 Reference: https://catalog

CVE-2024-26243 [HIGH] CWE-126 Windows USB Print Driver Elevation of Privilege Vulnerability Windows USB Print Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploit

CVE-2024-26211 [HIGH] CWE-122 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Req

CVE-2024-28919 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-26220 [MEDIUM] CWE-908 Windows Mobile Hotspot Information Disclosure Vulnerability Windows Mobile Hotspot Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerab

CVE-2024-26226 [MEDIUM] CWE-125 Windows Distributed File System (DFS) Information Disclosure Vulnerability Windows Distributed File System (DFS) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Windows Distributed File System (DFS): Windows Distributed File System (DFS) Microsoft: Microsoft Customer Acti

CVE-2024-26168 [MEDIUM] CWE-122 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-26207 [MEDIUM] CWE-125 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Requ

CVE-2024-20669 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploite

CVE-2024-20665 [MEDIUM] CWE-693 BitLocker Security Feature Bypass Vulnerability BitLocker Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited th

CVE-2024-26217 [MEDIUM] CWE-125 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Requ

CVE-2024-28922 [MEDIUM] CWE-284 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-28903 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-28901 [MEDIUM] CWE-126 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Requ

CVE-2024-26250 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates