Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2024-21304 [MEDIUM] CWE-20 Trusted Compute Base Elevation of Privilege Vulnerability Trusted Compute Base Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability r

CVE-2024-21362 [MEDIUM] CWE-367 Windows Kernel Security Feature Bypass Vulnerability Windows Kernel Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the Windows Code Integrity Guard (CIG). FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean fo

CVE-2024-21339 [MEDIUM] CWE-416 Windows USB Generic Parent Driver Remote Code Execution Vulnerability Windows USB Generic Parent Driver Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. Windows USB Serial Driver: Windows USB Serial Driver Microsoft: Microsoft

CVE-2024-20684 [MEDIUM] CWE-20 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. Windows Hyper-V: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Se

CVE-2024-21377 [MEDIUM] CWE-197 Windows DNS Information Disclosure Vulnerability Windows DNS Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Microsoft Windows DNS: Microsoft Windows DNS Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:No;La

CVE-2024-21344 [MEDIUM] CWE-125 Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT) Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Windows Internet Connection Sharing (ICS): Windows

CVE-2024-21341 [MEDIUM] CWE-122 Windows Kernel Remote Code Execution Vulnerability Windows Kernel Remote Code Execution Vulnerability Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 Reference: https://support.microsoft.com/help/5034768 Refe

CVE-2024-21343 [MEDIUM] CWE-125 Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Internet Connection Sharing (ICS): Windows Internet Connection Sharing (ICS) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.

CVE-2024-20687 [HIGH] CWE-125 Microsoft AllJoyn API Denial of Service Vulnerability Microsoft AllJoyn API Denial of Service Vulnerability Windows AllJoyn API: Windows AllJoyn API Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 Reference: https://support.microsoft.com/help/503

CVE-2024-20652 [HIGH] CWE-73 Windows HTML Platforms Security Feature Bypass Vulnerability Windows HTML Platforms Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? The MapURLToZone method could be bypassed by an attacker if the API returned a Zone value of 'Intranet' by passing a URL with a device path to the Lanman redirector device object. The same is true of the WebDav device. FAQ: According to the CVSS m

CVE-2024-20682 [HIGH] CWE-822 Windows Cryptographic Services Remote Code Execution Vulnerability Windows Cryptographic Services Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate t

CVE-2024-21309 [HIGH] CWE-191 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel-Mode Drivers: Windows Kernel-Mode Drivers Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit St

CVE-2024-20700 [HIGH] CWE-362 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Successful exploitation of this vulner

CVE-2024-20698 [HIGH] CWE-190 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest So

CVE-2024-20697 [HIGH] CWE-122 Windows libarchive Remote Code Execution Vulnerability Windows libarchive Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or v

CVE-2024-20681 [HIGH] CWE-416 Windows Subsystem for Linux Elevation of Privilege Vulnerability Windows Subsystem for Linux Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Subsystem for Linux: Windows Subsystem for Linux Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit

CVE-2024-20658 [HIGH] CWE-125 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Virtual Hard Drive: Microsoft Virtual Hard Drive Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploi

CVE-2024-20696 [HIGH] CWE-122 Windows libarchive Remote Code Execution Vulnerability Windows libarchive Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or v

CVE-2024-21310 [HIGH] CWE-197 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Cloud Files Mini Filter Driver: Windows Cloud Files Mini Filter Driver Microsoft: Microsoft Customer Action Required: Y

CVE-2024-20686 [HIGH] CWE-591 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32 Kernel Subsystem: Windows Win32 Kernel Subsystem Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploi