Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, gain privileges, obtain sensitive information, spoof user interface, read local files.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Windows Distributed Transaction Coordinator can be exploited remotely to execute arbitrary code.
- A security feature bypass vulnerability in Secure Boot can be exploited remotely to bypass security restrictions.
- A denial of service vulnerability in Windows Remote Desktop Gateway (RD Gateway) can be exploited remotely to cause denial of service.
- A denial of service vulnerability in Windows iSCSI Service can be exploited remotely to cause denial of service.
- An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Remote Access Connection Manager can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Filtering Platform can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Image Acquisition can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Workstation Service can be exploited remotely to gain privileges.
- A denial of service vulnerability in Windows Network Driver Interface Specification (NDIS) can be exploited remotely to cause denial of service.
- A denial of service vulnerability in Windows Layer-2 Bridge Network Driver can be exploited remotely to cause denial of service.
- A remote code execution vulnerability in Windows Layer-2 Bridge Network Driver can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver can be exploited remotely to gain privileges.
- A security feature bypass vulnerability in Windows Cryptographic Services can be exploited remotely to bypass security restrictions.
- A denial of service vulnerability in Windows Remote Desktop Licensing Service can be exploited remotely to cause denial of service.
- A remote code execution vulnerability in Windows Remote Desktop Licensing Service can be exploited remotely to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Windows Codecs Library can be exploited remotely to obtain sensitive information.
- A denial of service vulnerability in Windows Online Certificate Status Protocol (OCSP) Server can be exploited remotely to cause denial of service.
- A remote code execution vulnerability in DHCP Server Service can be exploited remotely to execute arbitrary code.
- A security feature bypass vulnerability in BitLocker can be exploited remotely to bypass security restrictions.
- A denial of service vulnerability in Windows Line Printer Daemon Service can be exploited remotely to cause denial of service.
- A security feature bypass vulnerability in Windows LockDown Policy (WLDP) can be exploited remotely to bypass security restrictions.
- An information disclosure vulnerability in Windows TCP/IP can be exploited remotely to obtain sensitive information.
- A spoofing vulnerability in Windows NTLM can be exploited remotely to spoof user interface.
- An information disclosure vulnerability in Windows Remote Access Connection Manager can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Microsoft Windows Performance Data Helper Library can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Windows Imaging Component can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to execute arbitrary code.
- A spoofing vulnerability in CERT/CC: CVE-2024-3596 RADIUS Protocol can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in DCOM Remote Cross-Session Activation can be exploited remotely to gain privileges.
- A spoofing vulnerability in Windows Themes can be exploited remotely to spoof user interface.
- A denial of service vulnerability in Microsoft WS-Discovery can be exploited remotely to cause denial of service.
- A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Github: CVE-2024-39684 TenCent RapidJSON can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Microsoft Windows Server Backup can be exploited remotely to gain privileges.
- A spoofing vulnerability in Windows MSHTML Platform can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in PowerShell can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Microsoft Message Queuing can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
Первичный источник обнаружения
- CVE-2024-38049
CVE-2024-37974
CVE-2024-38015
CVE-2024-35270
CVE-2024-38085
CVE-2024-37988
CVE-2024-37972
CVE-2024-30079
CVE-2024-38034
CVE-2024-38022
CVE-2024-38050
CVE-2024-38048
CVE-2024-37984
CVE-2024-38105
CVE-2024-38053
CVE-2024-38102
CVE-2024-38054
CVE-2024-30098
CVE-2024-38071
CVE-2024-37971
CVE-2024-38077
CVE-2024-38010
CVE-2024-38056
CVE-2024-37987
CVE-2024-38031
CVE-2024-37986
CVE-2024-38044
CVE-2024-38079
CVE-2024-37973
CVE-2024-38058
CVE-2024-37969
CVE-2024-38027
CVE-2024-38065
CVE-2024-38055
CVE-2024-38070
CVE-2024-38064
CVE-2024-30081
CVE-2024-30071
CVE-2024-38028
CVE-2024-38060
CVE-2024-38074
CVE-2024-38051
CVE-2024-38057
CVE-2024-37970
CVE-2024-3596
CVE-2024-38011
CVE-2024-28899
CVE-2024-38061
CVE-2024-38052
CVE-2024-38030
CVE-2024-38091
CVE-2024-38104
CVE-2024-39684
CVE-2024-37989
CVE-2024-38101
CVE-2024-38025
CVE-2024-38073
CVE-2024-38067
CVE-2024-38013
CVE-2024-38019
CVE-2024-38112
CVE-2024-38033
CVE-2024-37975
CVE-2024-38068
CVE-2024-38017
CVE-2024-38066
CVE-2024-38099
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-Server-2008
Список CVE
- CVE-2024-38049 critical
- CVE-2024-37974 critical
- CVE-2024-38015 critical
- CVE-2024-35270 high
- CVE-2024-38085 critical
- CVE-2024-37988 critical
- CVE-2024-37972 critical
- CVE-2024-30079 critical
- CVE-2024-38034 critical
- CVE-2024-38022 high
- CVE-2024-38050 critical
- CVE-2024-38048 high
- CVE-2024-37984 critical
- CVE-2024-38105 high
- CVE-2024-38053 critical
- CVE-2024-38102 high
- CVE-2024-38054 critical
- CVE-2024-30098 critical
- CVE-2024-38071 critical
- CVE-2024-37971 critical
- CVE-2024-38077 critical
- CVE-2024-38010 critical
- CVE-2024-38056 high
- CVE-2024-37987 critical
- CVE-2024-38031 critical
- CVE-2024-37986 critical
- CVE-2024-38044 high
- CVE-2024-38079 critical
- CVE-2024-37973 critical
- CVE-2024-38058 high
- CVE-2024-37969 critical
- CVE-2024-38099 high
- CVE-2024-38027 high
- CVE-2024-38065 high
- CVE-2024-38055 high
- CVE-2024-38070 critical
- CVE-2024-38064 critical
- CVE-2024-30081 high
- CVE-2024-30071 warning
- CVE-2024-38028 high
- CVE-2024-38060 critical
- CVE-2024-38074 critical
- CVE-2024-38051 critical
- CVE-2024-38057 critical
- CVE-2024-37970 critical
- CVE-2024-3596 warning
- CVE-2024-38011 critical
- CVE-2024-28899 critical
- CVE-2024-38061 critical
- CVE-2024-38052 critical
- CVE-2024-38030 high
- CVE-2024-38091 critical
- CVE-2024-38104 critical
- CVE-2024-39684 warning
- CVE-2024-37989 critical
- CVE-2024-38101 high
- CVE-2024-38025 high
- CVE-2024-38073 critical
- CVE-2024-38067 critical
- CVE-2024-38013 high
- CVE-2024-38019 high
- CVE-2024-38112 critical
- CVE-2024-38033 high
- CVE-2024-37975 critical
- CVE-2024-38068 critical
- CVE-2024-38017 high
- CVE-2024-38066 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!