Multiple vulnerabilities in Microsoft Windows

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

1. A denial of service vulnerability in Microsoft AllJoyn API can be exploited remotely to cause denial of service.
2. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
3. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
4. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
5. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
6. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
7. An elevation of privilege vulnerability in Windows Composite Image File System (CimFS) can be exploited remotely to gain privileges.
8. An elevation of privilege vulnerability in Windows Update Stack can be exploited remotely to gain privileges.
9. An information disclosure vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to obtain sensitive information.
10. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
11. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.
12. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
13. A remote code execution vulnerability in Windows USB Attached SCSI (UAS) Protocol can be exploited remotely to execute arbitrary code.
14. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
15. A denial of service vulnerability in Windows Kernel can be exploited remotely to cause denial of service.
16. An information disclosure vulnerability in RFDS can be exploited remotely to obtain sensitive information.
17. An elevation of privilege vulnerability in Windows USB Print Driver can be exploited remotely to gain privileges.
18. An elevation of privilege vulnerability in Windows Telephony Server can be exploited remotely to gain privileges.
19. A denial of service vulnerability in Windows Standards-Based Storage Management Service can be exploited remotely to cause denial of service.
20. An elevation of privilege vulnerability in Microsoft Windows SCSI Class System File can be exploited remotely to gain privileges.
21. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
22. A security feature bypass vulnerability in Hypervisor-Protected Code Integrity (HVCI) can be exploited remotely to bypass security restrictions.
23. A security feature bypass vulnerability in Windows Kerberos can be exploited remotely to bypass security restrictions.
24. A remote code execution vulnerability in Windows USB Hub Driver can be exploited remotely to execute arbitrary code.
25. A tampering vulnerability in Windows Compressed Folder can be exploited remotely to spoof user interface.
26. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
27. A denial of service vulnerability in Microsoft QUIC can be exploited remotely to cause denial of service.
28. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.

Original advisories

• CVE-2024-21438

• CVE-2024-21441
• CVE-2024-26162
• CVE-2024-21446
• CVE-2024-21443
• CVE-2024-21440
• CVE-2024-26182
• CVE-2024-21433
• CVE-2024-21444
• CVE-2024-26173
• CVE-2024-26170
• CVE-2024-21432
• CVE-2024-26160
• CVE-2024-21437
• CVE-2024-21408
• CVE-2024-21407
• CVE-2024-21430
• CVE-2024-26169
• CVE-2024-26181
• CVE-2023-28746
• CVE-2024-26178
• CVE-2024-21445
• CVE-2024-21439
• CVE-2024-26197
• CVE-2024-21434
• CVE-2024-21450
• CVE-2024-26161
• CVE-2024-26159
• CVE-2024-21442
• CVE-2024-26177
• CVE-2024-26176
• CVE-2024-26174
• CVE-2024-21431
• CVE-2024-21427
• CVE-2024-21429
• CVE-2024-21451
• CVE-2024-26185
• CVE-2024-21436
• CVE-2024-26190
• CVE-2024-21435
• CVE-2024-26166

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Windows-10
• Microsoft-Windows-Server-2016
• Microsoft-Windows-Server-2019
• Microsoft-Windows-11

CVE list

• CVE-2024-21439
  high
• CVE-2024-26197
  high
• CVE-2024-21441
  critical
• CVE-2024-21450
  warning
• CVE-2024-26161
  critical
• CVE-2024-26162
  critical
• CVE-2024-21446
  critical
• CVE-2024-26166
  critical
• CVE-2024-26159
  critical
• CVE-2024-21440
  warning
• CVE-2024-26177
  high
• CVE-2024-21433
  high
• CVE-2024-21444
  critical
• CVE-2024-26176
  warning
• CVE-2024-26173
  critical
• CVE-2024-21432
  high
• CVE-2024-21430
  warning
• CVE-2024-26174
  high
• CVE-2024-21437
  critical
• CVE-2024-21407
  critical
• CVE-2024-21427
  critical
• CVE-2024-21429
  high
• CVE-2024-21451
  critical
• CVE-2024-26169
  critical
• CVE-2024-21436
  critical
• CVE-2024-26181
  high
• CVE-2023-28746
  warning
• CVE-2024-26178
  critical
• CVE-2024-21438
  critical
• CVE-2024-21443
  high
• CVE-2024-26182
  critical
• CVE-2024-26170
  critical
• CVE-2024-26160
  warning
• CVE-2024-21408
  high
• CVE-2024-21445
  high
• CVE-2024-21434
  critical
• CVE-2024-21442
  critical
• CVE-2024-21431
  critical
• CVE-2024-26185
  high
• CVE-2024-26190
  critical
• CVE-2024-21435
  critical

KB list

• 5035855
• 5035856
• 5035853
• 5035854
• 5035849
• 5035857
• 5035959
• 5035858
• 5035845
• 5036899
• 5036909
• 5036910
• 5036896

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com