Msrc Windows Server 2025 vulnerabilities

CVE-2024-49132 [HIGH] CWE-591 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. FAQ: According to the CVSS metric, t

CVE-2024-49129 [HIGH] CWE-400 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability FAQ: How could an attacker exploit the vulnerability? An unauthenticated attacker could exploit the vulnerability by connecting to a Remote Desktop server and then sending a malicious http request to the server. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vu

CVE-2024-49106 [HIGH] CWE-591 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connect

CVE-2024-49125 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain c

CVE-2024-49108 [HIGH] CWE-591 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connect

CVE-2024-49095 [HIGH] CWE-591 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vu

CVE-2024-49091 [HIGH] CWE-591 Windows Domain Name Service Remote Code Execution Vulnerability Windows Domain Name Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted. Role

CVE-2024-49116 [HIGH] CWE-416 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connect

CVE-2024-49120 [HIGH] CWE-453 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connect

CVE-2024-49123 [HIGH] CWE-591 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. FAQ: According to the CVSS metric, t

CVE-2024-49093 [HIGH] CWE-681 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher i

CVE-2024-49085 [HIGH] CWE-190 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Windows Rout

CVE-2024-49103 [MEDIUM] CWE-191 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. Windows Wireless Wide Area Network Service: Windows Wireless Wide Area Network Service Microsoft: Microsoft Customer Acti

CVE-2024-49077 [MEDIUM] CWE-191 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physic

CVE-2024-49099 [MEDIUM] CWE-125 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An att

CVE-2024-49078 [MEDIUM] CWE-190 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who succe

CVE-2024-49094 [MEDIUM] CWE-122 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Wireless Wide Area Network Service: Windows Wireless Wide Area Network Service Microsoft: Microsoft Custo

CVE-2024-49110 [MEDIUM] CWE-125 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who succe

CVE-2024-49092 [MEDIUM] CWE-125 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who succe

CVE-2024-49098 [MEDIUM] CWE-125 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What type of information could be disclosed by this vulnerability? Exploi