Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2024-26190 [HIGH] CWE-400 Microsoft QUIC Denial of Service Vulnerability Microsoft QUIC Denial of Service Vulnerability Microsoft QUIC: Microsoft QUIC Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Remediation: Release Notes Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.9 Reference: https://learn.microsoft.com/en-

CVE-2024-21442 [HIGH] CWE-170 Windows USB Print Driver Elevation of Privilege Vulnerability Windows USB Print Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows USB Print Driver: Windows USB Print Driver Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publ

CVE-2024-26169 [HIGH] CWE-269 Windows Error Reporting Service Elevation of Privilege Vulnerability Windows Error Reporting Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Error Reporting: Windows Error Reporting Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit

CVE-2024-21407 [HIGH] CWE-416 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. FAQ: How would an attacker exploit this vulne

CVE-2024-21443 [HIGH] CWE-416 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? An administrative user must be convinced to open a malicious COM object like an .rtf file. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability

CVE-2024-21427 [HIGH] CWE-287 Windows Kerberos Security Feature Bypass Vulnerability Windows Kerberos Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. FAQ: What kind of security feature coul

CVE-2024-21434 [HIGH] CWE-197 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Windows SCSI Class System File: Microsoft Windows SCSI Class System File Microsoft: Microsoft Customer Action Req

CVE-2024-21408 [MEDIUM] CWE-835 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 Reference: https://support.microsoft.com/help/5035849

CVE-2024-21430 [MEDIUM] CWE-125 Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to physically access the target device. To gain access, an attacker must acquire the device after being unlocked by a legitimate

CVE-2024-26160 [MEDIUM] CWE-126 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Cloud Files Mini

CVE-2023-50387 [HIGH] MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers Role: DNS Server: Role: DNS Server MITRE: MITRE Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://cat

CVE-2024-21346 [HIGH] CWE-822 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K - ICOMP: Windows Win32K - ICOMP Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest So

CVE-2024-21338 [HIGH] CWE-822 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a speciall

CVE-2024-21412 [HIGH] CWE-693 Internet Shortcut Files Security Feature Bypass Vulnerability Internet Shortcut Files Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. FAQ: How could an attacker exploit the vulnerability? An unauthenticated attacker could send the targeted user a specially crafted file that is design

CVE-2024-21353 [HIGH] CWE-122 Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the

CVE-2024-21371 [HIGH] CWE-367 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerabilit

CVE-2024-21345 [HIGH] CWE-122 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could run a specially crafted application that would give them control of the targeted destination and source of the copy. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability cou

CVE-2024-21342 [HIGH] CWE-400 Windows DNS Client Denial of Service Vulnerability Windows DNS Client Denial of Service Vulnerability Role: DNS Server: Role: DNS Server Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 Reference: https://support.microsoft.com/help/5034765 Refere

CVE-2024-21406 [HIGH] CWE-319 Windows Printing Service Spoofing Vulnerability Windows Printing Service Spoofing Vulnerability FAQ: How could an attacker exploit this vulnerability? In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. Microsoft Windows: Microsoft Windows Microsoft: Microsoft Customer Action Required: Yes Impact: Spoofing Exploit Status: Publicly Disclosed:N

CVE-2024-21348 [HIGH] CWE-122 Internet Connection Sharing (ICS) Denial of Service Vulnerability Internet Connection Sharing (ICS) Denial of Service Vulnerability Windows Internet Connection Sharing (ICS): Windows Internet Connection Sharing (ICS) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search