Multiple vulnerabilities in Microsoft Windows

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

1. A denial of service vulnerability in Microsoft AllJoyn API can be exploited remotely to cause denial of service.
2. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
3. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
4. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
5. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
6. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
7. An elevation of privilege vulnerability in Windows Composite Image File System (CimFS) can be exploited remotely to gain privileges.
8. An elevation of privilege vulnerability in Windows Update Stack can be exploited remotely to gain privileges.
9. An information disclosure vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to obtain sensitive information.
10. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
11. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.
12. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
13. A remote code execution vulnerability in Windows USB Attached SCSI (UAS) Protocol can be exploited remotely to execute arbitrary code.
14. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
15. A denial of service vulnerability in Windows Kernel can be exploited remotely to cause denial of service.
16. An information disclosure vulnerability in RFDS can be exploited remotely to obtain sensitive information.
17. An elevation of privilege vulnerability in Windows USB Print Driver can be exploited remotely to gain privileges.
18. An elevation of privilege vulnerability in Windows Telephony Server can be exploited remotely to gain privileges.
19. A denial of service vulnerability in Windows Standards-Based Storage Management Service can be exploited remotely to cause denial of service.
20. An elevation of privilege vulnerability in Microsoft Windows SCSI Class System File can be exploited remotely to gain privileges.
21. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
22. A security feature bypass vulnerability in Hypervisor-Protected Code Integrity (HVCI) can be exploited remotely to bypass security restrictions.
23. A security feature bypass vulnerability in Windows Kerberos can be exploited remotely to bypass security restrictions.
24. A remote code execution vulnerability in Windows USB Hub Driver can be exploited remotely to execute arbitrary code.
25. A tampering vulnerability in Windows Compressed Folder can be exploited remotely to spoof user interface.
26. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
27. A denial of service vulnerability in Microsoft QUIC can be exploited remotely to cause denial of service.
28. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.

Первичный источник обнаружения

• CVE-2024-21438
  CVE-2024-21441
  CVE-2024-26162
  CVE-2024-21446
  CVE-2024-21443
  CVE-2024-21440
  CVE-2024-26182
  CVE-2024-21433
  CVE-2024-21444
  CVE-2024-26173
  CVE-2024-26170
  CVE-2024-21432
  CVE-2024-26160
  CVE-2024-21437
  CVE-2024-21408
  CVE-2024-21407
  CVE-2024-21430
  CVE-2024-26169
  CVE-2024-26181
  CVE-2023-28746
  CVE-2024-26178
  CVE-2024-21445
  CVE-2024-21439
  CVE-2024-26197
  CVE-2024-21434
  CVE-2024-21450
  CVE-2024-26161
  CVE-2024-26159
  CVE-2024-21442
  CVE-2024-26177
  CVE-2024-26176
  CVE-2024-26174
  CVE-2024-21431
  CVE-2024-21427
  CVE-2024-21429
  CVE-2024-21451
  CVE-2024-26185
  CVE-2024-21436
  CVE-2024-26190
  CVE-2024-21435
  CVE-2024-26166
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows-10
• Microsoft-Windows-Server-2016
• Microsoft-Windows-Server-2019
• Microsoft-Windows-11

Список CVE

• CVE-2024-21439
  high
• CVE-2024-26197
  high
• CVE-2024-21441
  critical
• CVE-2024-21450
  warning
• CVE-2024-26161
  critical
• CVE-2024-26162
  critical
• CVE-2024-21446
  critical
• CVE-2024-26166
  critical
• CVE-2024-26159
  critical
• CVE-2024-21440
  warning
• CVE-2024-26177
  high
• CVE-2024-21433
  high
• CVE-2024-21444
  critical
• CVE-2024-26176
  warning
• CVE-2024-26173
  critical
• CVE-2024-21432
  high
• CVE-2024-21430
  warning
• CVE-2024-26174
  high
• CVE-2024-21437
  critical
• CVE-2024-21407
  critical
• CVE-2024-21427
  critical
• CVE-2024-21429
  high
• CVE-2024-21451
  critical
• CVE-2024-26169
  critical
• CVE-2024-21436
  critical
• CVE-2024-26181
  high
• CVE-2023-28746
  warning
• CVE-2024-26178
  critical
• CVE-2024-21438
  critical
• CVE-2024-21443
  high
• CVE-2024-26182
  critical
• CVE-2024-26170
  critical
• CVE-2024-26160
  warning
• CVE-2024-21408
  high
• CVE-2024-21445
  high
• CVE-2024-21434
  critical
• CVE-2024-21442
  critical
• CVE-2024-21431
  critical
• CVE-2024-26185
  high
• CVE-2024-26190
  critical
• CVE-2024-21435
  critical

Список KB

• 5035855
• 5035856
• 5035853
• 5035854
• 5035849
• 5035857
• 5035959
• 5035858
• 5035845
• 5036899
• 5036909
• 5036910
• 5036896

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com