Description
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, gain privileges, obtain sensitive information, spoof user interface, read local files.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Windows Distributed Transaction Coordinator can be exploited remotely to execute arbitrary code.
- A security feature bypass vulnerability in Secure Boot can be exploited remotely to bypass security restrictions.
- A denial of service vulnerability in Windows Remote Desktop Gateway (RD Gateway) can be exploited remotely to cause denial of service.
- A denial of service vulnerability in Windows iSCSI Service can be exploited remotely to cause denial of service.
- An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Remote Access Connection Manager can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Filtering Platform can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Image Acquisition can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Workstation Service can be exploited remotely to gain privileges.
- A denial of service vulnerability in Windows Network Driver Interface Specification (NDIS) can be exploited remotely to cause denial of service.
- A denial of service vulnerability in Windows Layer-2 Bridge Network Driver can be exploited remotely to cause denial of service.
- A remote code execution vulnerability in Windows Layer-2 Bridge Network Driver can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver can be exploited remotely to gain privileges.
- A security feature bypass vulnerability in Windows Cryptographic Services can be exploited remotely to bypass security restrictions.
- A denial of service vulnerability in Windows Remote Desktop Licensing Service can be exploited remotely to cause denial of service.
- A remote code execution vulnerability in Windows Remote Desktop Licensing Service can be exploited remotely to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Windows Codecs Library can be exploited remotely to obtain sensitive information.
- A denial of service vulnerability in Windows Online Certificate Status Protocol (OCSP) Server can be exploited remotely to cause denial of service.
- A remote code execution vulnerability in DHCP Server Service can be exploited remotely to execute arbitrary code.
- A security feature bypass vulnerability in BitLocker can be exploited remotely to bypass security restrictions.
- A denial of service vulnerability in Windows Line Printer Daemon Service can be exploited remotely to cause denial of service.
- A security feature bypass vulnerability in Windows LockDown Policy (WLDP) can be exploited remotely to bypass security restrictions.
- An information disclosure vulnerability in Windows TCP/IP can be exploited remotely to obtain sensitive information.
- A spoofing vulnerability in Windows NTLM can be exploited remotely to spoof user interface.
- An information disclosure vulnerability in Windows Remote Access Connection Manager can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Microsoft Windows Performance Data Helper Library can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Windows Imaging Component can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to execute arbitrary code.
- A spoofing vulnerability in CERT/CC: CVE-2024-3596 RADIUS Protocol can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in DCOM Remote Cross-Session Activation can be exploited remotely to gain privileges.
- A spoofing vulnerability in Windows Themes can be exploited remotely to spoof user interface.
- A denial of service vulnerability in Microsoft WS-Discovery can be exploited remotely to cause denial of service.
- A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Github: CVE-2024-39684 TenCent RapidJSON can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Microsoft Windows Server Backup can be exploited remotely to gain privileges.
- A spoofing vulnerability in Windows MSHTML Platform can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in PowerShell can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Microsoft Message Queuing can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
Original advisories
- CVE-2024-37974
- CVE-2024-38015
- CVE-2024-35270
- CVE-2024-38085
- CVE-2024-37988
- CVE-2024-37972
- CVE-2024-30079
- CVE-2024-38034
- CVE-2024-38022
- CVE-2024-38050
- CVE-2024-38048
- CVE-2024-37984
- CVE-2024-38105
- CVE-2024-38053
- CVE-2024-38102
- CVE-2024-38054
- CVE-2024-30098
- CVE-2024-38071
- CVE-2024-37971
- CVE-2024-38077
- CVE-2024-38010
- CVE-2024-38056
- CVE-2024-37987
- CVE-2024-38031
- CVE-2024-37986
- CVE-2024-38044
- CVE-2024-38079
- CVE-2024-37973
- CVE-2024-38058
- CVE-2024-37969
- CVE-2024-38027
- CVE-2024-38065
- CVE-2024-38055
- CVE-2024-38070
- CVE-2024-38064
- CVE-2024-30081
- CVE-2024-30071
- CVE-2024-38028
- CVE-2024-38060
- CVE-2024-38074
- CVE-2024-38051
- CVE-2024-38057
- CVE-2024-37970
- CVE-2024-3596
- CVE-2024-38011
- CVE-2024-28899
- CVE-2024-38061
- CVE-2024-38052
- CVE-2024-38030
- CVE-2024-38091
- CVE-2024-38104
- CVE-2024-39684
- CVE-2024-37989
- CVE-2024-38101
- CVE-2024-38025
- CVE-2024-38073
- CVE-2024-38067
- CVE-2024-38013
- CVE-2024-38019
- CVE-2024-38112
- CVE-2024-38033
- CVE-2024-37975
- CVE-2024-38068
- CVE-2024-38017
- CVE-2024-38066
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-Server-2008
CVE list
- CVE-2024-38049 high
- CVE-2024-37974 high
- CVE-2024-38015 high
- CVE-2024-35270 high
- CVE-2024-38085 high
- CVE-2024-37988 high
- CVE-2024-37972 high
- CVE-2024-30079 high
- CVE-2024-38034 high
- CVE-2024-38022 high
- CVE-2024-38050 high
- CVE-2024-38048 high
- CVE-2024-37984 high
- CVE-2024-38105 high
- CVE-2024-38053 high
- CVE-2024-38102 high
- CVE-2024-38054 high
- CVE-2024-30098 high
- CVE-2024-38071 high
- CVE-2024-37971 high
- CVE-2024-38077 critical
- CVE-2024-38010 high
- CVE-2024-38056 high
- CVE-2024-37987 high
- CVE-2024-38031 high
- CVE-2024-37986 high
- CVE-2024-38044 high
- CVE-2024-38079 high
- CVE-2024-37973 high
- CVE-2024-38058 high
- CVE-2024-37969 high
- CVE-2024-38027 high
- CVE-2024-38065 high
- CVE-2024-38055 high
- CVE-2024-38070 high
- CVE-2024-38064 high
- CVE-2024-30081 high
- CVE-2024-30071 warning
- CVE-2024-38028 high
- CVE-2024-38060 high
- CVE-2024-38074 critical
- CVE-2024-38051 high
- CVE-2024-38057 high
- CVE-2024-37970 high
- CVE-2024-3596 high
- CVE-2024-38011 high
- CVE-2024-28899 high
- CVE-2024-38061 high
- CVE-2024-38052 high
- CVE-2024-38030 high
- CVE-2024-38091 high
- CVE-2024-38104 high
- CVE-2024-39684 high
- CVE-2024-37989 high
- CVE-2024-38101 high
- CVE-2024-38025 high
- CVE-2024-38073 high
- CVE-2024-38067 high
- CVE-2024-38013 high
- CVE-2024-38019 high
- CVE-2024-38112 high
- CVE-2024-38033 high
- CVE-2024-37975 high
- CVE-2024-38068 high
- CVE-2024-38017 high
- CVE-2024-38066 high
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!