Multiple vulnerabilities in Microsoft Windows

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, gain privileges, spoof user interface, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Windows Kernel can be exploited remotely to execute arbitrary code.
2. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
3. A remote code execution vulnerability in Windows Pragmatic General Multicast (PGM) can be exploited remotely to execute arbitrary code.
4. A denial of service vulnerability in Windows DNS Client can be exploited remotely to cause denial of service.
5. A remote code execution vulnerability in Microsoft ActiveX Data Objects can be exploited remotely to execute arbitrary code.
6. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
7. A DNSSEC verification vulnerability can be exploited remotely to cause denial of service.
8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
9. An elevation of privilege vulnerability in Trusted Compute Base can be exploited remotely to gain privileges.
10. A denial of service vulnerability in Internet Connection Sharing (ICS) can be exploited remotely to cause denial of service.
11. A remote code execution vulnerability in Windows USB Generic Parent Driver can be exploited remotely to execute arbitrary code.
12. A remote code execution vulnerability in Microsoft WDAC ODBC Driver can be exploited remotely to execute arbitrary code.
13. An elevation of privilege vulnerability in Microsoft Message Queuing (MSMQ) can be exploited remotely to gain privileges.
14. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.
15. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
16. A spoofing vulnerability in Windows Printing Service can be exploited remotely to spoof user interface.
17. A denial of service vulnerability in Windows Network Address Translation (NAT) can be exploited remotely to cause denial of service.
18. An information disclosure vulnerability in Windows DNS can be exploited remotely to obtain sensitive information.
19. A denial of service vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to cause denial of service.
20. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.
21. A security feature bypass vulnerability in Windows Kernel can be exploited remotely to bypass security restrictions.
22. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
23. A remote code execution vulnerability in Microsoft Message Queuing (MSMQ) can be exploited remotely to execute arbitrary code.
24. A security feature bypass vulnerability in Windows SmartScreen can be exploited remotely to bypass security restrictions.
25. A security feature bypass vulnerability in Internet Shortcut Files can be exploited remotely to bypass security restrictions.

Original advisories

• CVE-2024-21341

• CVE-2024-21365
• CVE-2024-21342
• CVE-2024-21359
• CVE-2024-21368
• CVE-2024-21367
• CVE-2024-21349
• CVE-2024-21340
• CVE-2023-50387
• CVE-2024-21338
• CVE-2024-21304
• CVE-2024-21348
• CVE-2024-21339
• CVE-2024-21360
• CVE-2024-21370
• CVE-2024-21353
• CVE-2024-21405
• CVE-2024-21355
• CVE-2024-21420
• CVE-2024-21358
• CVE-2024-21361
• CVE-2024-21369
• CVE-2024-21346
• CVE-2024-21406
• CVE-2024-21350
• CVE-2024-21345
• CVE-2024-21344
• CVE-2024-21371
• CVE-2024-21377
• CVE-2024-21354
• CVE-2024-21356
• CVE-2024-21391
• CVE-2024-21372
• CVE-2024-21343
• CVE-2024-21352
• CVE-2024-21375
• CVE-2024-21362
• CVE-2024-21347
• CVE-2024-21366
• CVE-2024-21363
• CVE-2024-21351
• CVE-2024-21412
• CVE-2024-21357
• CVE-2024-20684

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-10
• Microsoft-Windows-Server-2016
• Microsoft-Windows-Server-2019
• Microsoft-Windows-11

CVE list

• CVE-2024-21341
  high
• CVE-2024-21365
  critical
• CVE-2024-21357
  critical
• CVE-2024-21342
  critical
• CVE-2024-21359
  critical
• CVE-2024-21368
  critical
• CVE-2024-21367
  critical
• CVE-2024-21349
  critical
• CVE-2024-21340
  warning
• CVE-2023-50387
  critical
• CVE-2024-21338
  critical
• CVE-2024-21304
  warning
• CVE-2024-21348
  critical
• CVE-2024-21339
  high
• CVE-2024-21360
  critical
• CVE-2024-21370
  critical
• CVE-2024-21353
  critical
• CVE-2024-21405
  high
• CVE-2024-21355
  high
• CVE-2024-21420
  critical
• CVE-2024-21358
  critical
• CVE-2024-21361
  critical
• CVE-2024-20684
  high
• CVE-2024-21369
  critical
• CVE-2024-21346
  critical
• CVE-2024-21406
  critical
• CVE-2024-21350
  critical
• CVE-2024-21345
  critical
• CVE-2024-21344
  high
• CVE-2024-21371
  high
• CVE-2024-21377
  high
• CVE-2024-21354
  critical
• CVE-2024-21356
  high
• CVE-2024-21391
  critical
• CVE-2024-21372
  critical
• CVE-2024-21343
  critical
• CVE-2024-21352
  critical
• CVE-2024-21375
  critical
• CVE-2024-21362
  high
• CVE-2024-21347
  critical
• CVE-2024-21366
  critical
• CVE-2024-21363
  critical
• CVE-2024-21351
  critical
• CVE-2024-21412
  critical

KB list

• 5034765
• 5034766
• 5034774
• 5034767
• 5034763
• 5034768
• 5034770
• 5034769

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com