Multiple vulnerabilities in Microsoft Windows

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code, spoof user interface, bypass security restrictions, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Windows Update Stack can be exploited remotely to gain privileges.
2. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
3. A denial of service vulnerability in Microsoft Virtual Hard Disk (VHDX) can be exploited remotely to cause denial of service.
4. An elevation of privilege vulnerability in Microsoft Windows VMSwitch can be exploited remotely to gain privileges.
5. An elevation of privilege vulnerability in Windows USB Video Class System Driver can be exploited remotely to gain privileges.
6. An elevation of privilege vulnerability in Windows DWM Core Library can be exploited remotely to gain privileges.
7. A remote code execution vulnerability in Windows Telephony Service can be exploited remotely to execute arbitrary code.
8. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.
9. An elevation of privilege vulnerability in Windows Registry can be exploited remotely to gain privileges.
10. A spoofing vulnerability in Windows DNS can be exploited remotely to spoof user interface.
11. An elevation of privilege vulnerability in Windows Secure Kernel Mode can be exploited remotely to gain privileges.
12. An elevation of privilege vulnerability in Windows Kernel-Mode Driver can be exploited remotely to gain privileges.
13. A remote code execution vulnerability in Windows KDC Proxy can be exploited remotely to execute arbitrary code.
14. An elevation of privilege vulnerability in Windows NT OS Kernel can be exploited remotely to gain privileges.
15. An elevation of privilege vulnerability in Windows Client-Side Caching can be exploited remotely to gain privileges.
16. An elevation of privilege vulnerability in Windows Hyper-V Shared Virtual Disk can be exploited remotely to gain privileges.
17. A denial of service vulnerability in Windows SMB can be exploited remotely to cause denial of service.
18. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
19. An elevation of privilege vulnerability in Windows Win32 Kernel Subsystem can be exploited remotely to gain privileges.
20. An elevation of privilege vulnerability in Windows Telephony Service can be exploited remotely to gain privileges.
21. A security feature bypass vulnerability in Windows Defender Application Control (WDAC) can be exploited remotely to bypass security restrictions.
22. A spoofing vulnerability in NTLM Hash Disclosure can be exploited remotely to spoof user interface.
23. A remote code execution vulnerability in Windows SMBv3 Server can be exploited remotely to execute arbitrary code.
24. An elevation of privilege vulnerability in Windows Task Scheduler can be exploited remotely to gain privileges.
25. An elevation of privilege vulnerability in Active Directory Certificate Services can be exploited remotely to gain privileges.
26. An information disclosure vulnerability in Windows Package Library Manager can be exploited remotely to obtain sensitive information.

Original advisories

• CVE-2024-43530

• CVE-2024-43636
• CVE-2024-38264
• CVE-2024-43625
• CVE-2024-43643
• CVE-2024-43449
• CVE-2024-43629
• CVE-2024-43621
• CVE-2024-43633
• CVE-2024-43638
• CVE-2024-43452
• CVE-2024-43450
• CVE-2024-43620
• CVE-2024-43646
• CVE-2024-43640
• CVE-2024-43639
• CVE-2024-43623
• CVE-2024-43644
• CVE-2024-43624
• CVE-2024-43635
• CVE-2024-43642
• CVE-2024-43630
• CVE-2024-49046
• CVE-2024-43626
• CVE-2024-43645
• CVE-2024-43641
• CVE-2024-43451
• CVE-2024-43627
• CVE-2024-43447
• CVE-2024-49039
• CVE-2024-43631
• CVE-2024-43634
• CVE-2024-43637
• CVE-2024-43622
• CVE-2024-49019
• CVE-2024-43628
• CVE-2024-38203

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-10
• Microsoft-Windows-Server-2016
• Microsoft-Windows-Server-2019
• Microsoft-Windows-11
• Microsoft-Windows-Server-2022

CVE list

• CVE-2024-43635
  critical
• CVE-2024-43636
  critical
• CVE-2024-43626
  critical
• CVE-2024-49046
  critical
• CVE-2024-43643
  high
• CVE-2024-43449
  high
• CVE-2024-43641
  critical
• CVE-2024-43621
  critical
• CVE-2024-43638
  high
• CVE-2024-43451
  high
• CVE-2024-43627
  critical
• CVE-2024-43452
  critical
• CVE-2024-43450
  critical
• CVE-2024-43620
  critical
• CVE-2024-43634
  high
• CVE-2024-43639
  critical
• CVE-2024-43637
  high
• CVE-2024-43622
  critical
• CVE-2024-49019
  critical
• CVE-2024-43628
  critical
• CVE-2024-38203
  high
• CVE-2024-43623
  critical
• CVE-2024-43644
  critical
• CVE-2024-43530
  critical
• CVE-2024-38264
  high
• CVE-2024-43625
  critical
• CVE-2024-43629
  critical
• CVE-2024-43633
  high
• CVE-2024-43646
  critical
• CVE-2024-43640
  critical
• CVE-2024-43624
  critical
• CVE-2024-43642
  critical
• CVE-2024-43630
  critical
• CVE-2024-43645
  critical
• CVE-2024-43447
  critical
• CVE-2024-49039
  critical
• CVE-2024-43631
  critical

KB list

• 5046633
• 5046616
• 5046615
• 5046613
• 5046618
• 5046696
• 5046612
• 5046617
• 5046665
• 5046698

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com