Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2024-28921 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-23593 [MEDIUM] CWE-121 Lenovo: CVE-2024-23593 Modify Boot Manager and Escalate Privileges Lenovo: CVE-2024-23593 Modify Boot Manager and Escalate Privileges FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Why is this Lenovo CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain Lenovo bootloaders. The miti

CVE-2024-23594 [MEDIUM] CWE-121 Lenovo: CVE-2024-23594 Stack buffer overflow in Lenovo system recovery boot manager Lenovo: CVE-2024-23594 Stack buffer overflow in Lenovo system recovery boot manager FAQ: Why is this Lenovo CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain Lenovo bootloaders. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds o

CVE-2024-29064 [MEDIUM] CWE-130 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036896 Reference: https://support.microsoft.com/help/5036896

CVE-2024-26171 [MEDIUM] CWE-190 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Are there additional steps I need to take to be protected from this vulnerability? All customers should apply the April 9, 2024 Windows security updates. These security updates

CVE-2024-28900 [MEDIUM] CWE-126 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Requ

CVE-2024-26172 [MEDIUM] CWE-125 Windows DWM Core Library Information Disclosure Vulnerability Windows DWM Core Library Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Windows DWM Core Library: Windows DWM Core Library Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status:

CVE-2024-26255 [MEDIUM] CWE-126 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Requ

CVE-2024-28897 [MEDIUM] CWE-20 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Sec

CVE-2024-26209 [MEDIUM] CWE-908 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security A

CVE-2024-28924 [MEDIUM] CWE-121 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploite

CVE-2024-28902 [MEDIUM] CWE-126 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Requ

CVE-2024-28898 [MEDIUM] CWE-121 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized a

CVE-2024-29056 [HIGH] CWE-327 Windows Authentication Elevation of Privilege Vulnerability Windows Authentication Elevation of Privilege Vulnerability FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentialit

CVE-2024-21445 [HIGH] CWE-415 Windows USB Print Driver Elevation of Privilege Vulnerability Windows USB Print Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploit

CVE-2024-21431 [HIGH] CWE-732 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A hypervisor-protected code integrity (HVCI) security feature bypass vulnerability could exist when Windows incorrectly allows certain kernel-mode pages to be marked as Read, Write, Execute (RWX) even with H

CVE-2024-21432 [HIGH] CWE-59 Windows Update Stack Elevation of Privilege Vulnerability Windows Update Stack Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability req

CVE-2024-21433 [HIGH] CWE-367 Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited thi

CVE-2024-21438 [HIGH] CWE-369 Microsoft AllJoyn API Denial of Service Vulnerability Microsoft AllJoyn API Denial of Service Vulnerability Windows AllJoyn API: Windows AllJoyn API Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 Reference: https://support.microsoft.com/help/503

CVE-2024-26170 [HIGH] CWE-20 Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. Windows Composite Image File System: Windows Composite Image File System Microsoft: Microsoft Customer