Description
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, obtain sensitive information.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Windows Telephony Service can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Telephony Service can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Win32 Kernel Subsystem can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows USB Video Class System Driver can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Registry can be exploited remotely to gain privileges.
- A spoofing vulnerability in NTLM Hash Disclosure can be exploited remotely to spoof user interface.
- A spoofing vulnerability in Windows DNS can be exploited remotely to spoof user interface.
- A remote code execution vulnerability in Windows KDC Proxy can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Active Directory Certificate Services can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Package Library Manager can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows NT OS Kernel can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Client-Side Caching can be exploited remotely to gain privileges.
Original advisories
- CVE-2024-43636
- CVE-2024-43626
- CVE-2024-49046
- CVE-2024-43643
- CVE-2024-43449
- CVE-2024-43641
- CVE-2024-43621
- CVE-2024-43638
- CVE-2024-43451
- CVE-2024-43627
- CVE-2024-43452
- CVE-2024-43450
- CVE-2024-43620
- CVE-2024-43634
- CVE-2024-43639
- CVE-2024-43637
- CVE-2024-43622
- CVE-2024-49019
- CVE-2024-43628
- CVE-2024-38203
- CVE-2024-43623
- CVE-2024-43644
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-Server-2008
- Microsoft-Windows-10
- Microsoft-Windows-Server-2016
- Microsoft-Windows-Server-2019
- Microsoft-Windows-11
- Microsoft-Windows-Server-2022
CVE list
- CVE-2024-43635 high
- CVE-2024-43636 high
- CVE-2024-43626 high
- CVE-2024-49046 high
- CVE-2024-43643 high
- CVE-2024-43449 high
- CVE-2024-43641 high
- CVE-2024-43621 high
- CVE-2024-43638 high
- CVE-2024-43451 high
- CVE-2024-43627 high
- CVE-2024-43452 high
- CVE-2024-43450 high
- CVE-2024-43620 high
- CVE-2024-43634 high
- CVE-2024-43639 critical
- CVE-2024-43637 high
- CVE-2024-43622 high
- CVE-2024-49019 high
- CVE-2024-43628 high
- CVE-2024-38203 high
- CVE-2024-43623 high
- CVE-2024-43644 high
KB list
- 5046633
- 5046616
- 5046615
- 5046613
- 5046618
- 5046661
- 5046696
- 5046612
- 5046682
- 5046617
- 5046705
- 5046665
- 5046630
- 5046697
- 5046687
- 5046639
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!