Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, obtain sensitive information.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Windows Telephony Service can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Telephony Service can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Win32 Kernel Subsystem can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows USB Video Class System Driver can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Registry can be exploited remotely to gain privileges.
- A spoofing vulnerability in NTLM Hash Disclosure can be exploited remotely to spoof user interface.
- A spoofing vulnerability in Windows DNS can be exploited remotely to spoof user interface.
- A remote code execution vulnerability in Windows KDC Proxy can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Active Directory Certificate Services can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Package Library Manager can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows NT OS Kernel can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Client-Side Caching can be exploited remotely to gain privileges.
Первичный источник обнаружения
- CVE-2024-43635
CVE-2024-43636
CVE-2024-43626
CVE-2024-49046
CVE-2024-43643
CVE-2024-43449
CVE-2024-43641
CVE-2024-43621
CVE-2024-43638
CVE-2024-43451
CVE-2024-43627
CVE-2024-43452
CVE-2024-43450
CVE-2024-43620
CVE-2024-43634
CVE-2024-43639
CVE-2024-43637
CVE-2024-43622
CVE-2024-49019
CVE-2024-43628
CVE-2024-38203
CVE-2024-43623
CVE-2024-43644
Эксплуатация
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-Server-2008
- Microsoft-Windows-10
- Microsoft-Windows-Server-2016
- Microsoft-Windows-Server-2019
- Microsoft-Windows-11
- Microsoft-Windows-Server-2022
Список CVE
- CVE-2024-43635 high
- CVE-2024-43636 high
- CVE-2024-43626 high
- CVE-2024-49046 high
- CVE-2024-43643 high
- CVE-2024-43449 high
- CVE-2024-43641 high
- CVE-2024-43621 high
- CVE-2024-43638 high
- CVE-2024-43451 high
- CVE-2024-43627 high
- CVE-2024-43452 high
- CVE-2024-43450 high
- CVE-2024-43620 high
- CVE-2024-43634 high
- CVE-2024-43639 critical
- CVE-2024-43637 high
- CVE-2024-43622 high
- CVE-2024-49019 high
- CVE-2024-43628 high
- CVE-2024-38203 high
- CVE-2024-43623 high
- CVE-2024-43644 high
Список KB
- 5046633
- 5046616
- 5046615
- 5046613
- 5046618
- 5046661
- 5046696
- 5046612
- 5046682
- 5046617
- 5046705
- 5046665
- 5046630
- 5046697
- 5046687
- 5046639
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!