Kaspersky ID:
KLA67433
Detect Date:
05/14/2024
Updated:
09/17/2024

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Windows Mobile Broadband Driver can be exploited remotely to execute arbitrary code.
  3. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  4. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
  5. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  6. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  7. A denial of service vulnerability in DHCP Server Service can be exploited remotely to cause denial of service.
  8. An information disclosure vulnerability in Windows Remote Access Connection Manager can be exploited remotely to obtain sensitive information.
  9. An elevation of privilege vulnerability in Windows CNG Key Isolation Service can be exploited remotely to gain privileges.
  10. An elevation of privilege vulnerability in Windows DWM Core Library can be exploited remotely to gain privileges.
  11. An information disclosure vulnerability in Windows Cryptographic Services can be exploited remotely to obtain sensitive information.
  12. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.
  13. An elevation of privilege vulnerability in Microsoft Windows SCSI Class System File can be exploited remotely to gain privileges.
  14. An elevation of privilege vulnerability in Windows Win32 Kernel Subsystem can be exploited remotely to gain privileges.
  15. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
  16. An elevation of privilege vulnerability in Microsoft Brokering File System can be exploited remotely to gain privileges.
  17. A security feature bypass vulnerability in Windows Mark of the Web can be exploited remotely to bypass security restrictions.
  18. An information disclosure vulnerability in Windows DWM Core Library can be exploited remotely to obtain sensitive information.
  19. A security feature bypass vulnerability in Windows MSHTML Platform can be exploited remotely to bypass security restrictions.
  20. An elevation of privilege vulnerability in Windows Search Service can be exploited remotely to gain privileges.
  21. An information disclosure vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to obtain sensitive information.
  22. An elevation of privilege vulnerability in Microsoft PLUGScheduler Scheduled Task can be exploited remotely to gain privileges.
  23. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
  24. An information disclosure vulnerability in Windows Deployment Services can be exploited remotely to obtain sensitive information.
  25. A remote code execution vulnerability in Windows Cryptographic Services can be exploited remotely to execute arbitrary code.
 
 

 

 

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2024-30010
    critical
  • CVE-2024-29999
    high
  • CVE-2024-29998
    high
  • CVE-2024-30025
    critical
  • CVE-2024-30015
    critical
  • CVE-2024-30018
    critical
  • CVE-2024-30009
    critical
  • CVE-2024-30021
    high
  • CVE-2024-30028
    critical
  • CVE-2024-30019
    high
  • CVE-2024-30039
    high
  • CVE-2024-30031
    critical
  • CVE-2024-30032
    critical
  • CVE-2024-30004
    high
  • CVE-2024-30024
    critical
  • CVE-2024-30016
    high
  • CVE-2024-30011
    high
  • CVE-2024-29994
    critical
  • CVE-2024-30049
    critical
  • CVE-2024-30014
    critical
  • CVE-2024-30005
    high
  • CVE-2024-30003
    high
  • CVE-2024-30027
    critical
  • CVE-2024-29997
    high
  • CVE-2024-30007
    critical
  • CVE-2024-30051
    critical
  • CVE-2024-30050
    high
  • CVE-2024-30017
    critical
  • CVE-2024-30038
    critical
  • CVE-2024-30000
    high
  • CVE-2024-30008
    high
  • CVE-2024-30037
    high
  • CVE-2024-30012
    high
  • CVE-2024-30022
    critical
  • CVE-2024-29996
    critical
  • CVE-2024-30040
    critical
  • CVE-2024-30033
    high
  • CVE-2024-30034
    high
  • CVE-2024-30029
    critical
  • CVE-2024-30035
    critical
  • CVE-2024-26238
    critical
  • CVE-2024-30006
    critical
  • CVE-2024-30001
    high
  • CVE-2024-30023
    critical
  • CVE-2024-30002
    high
  • CVE-2024-30036
    high
  • CVE-2024-30020
    critical

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.