This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | GitHub | CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42237 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42083 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42078 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43853 | Unknown |
cna@python.org | Mariner | CVE-2024-11168 | Unknown |
security-advisories@github.com | Mariner | CVE-2023-26484 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46863 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-36481 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39291 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-38588 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26933 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-41098 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42074 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39473 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42073 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39472 | Unknown |
support@hackerone.com | Mariner | CVE-2023-46218 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21127 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21096 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21130 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21157 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21129 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21171 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-29018 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-45296 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-7006 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-43800 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-31081 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-43374 | Unknown |
cve@mitre.org | Mariner | CVE-2024-48949 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-47764 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-38381 | Unknown |
cve@mitre.org | Mariner | CVE-2024-26458 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-43799 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-6277 | Unknown |
cna@python.org | Mariner | CVE-2024-8088 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-49761 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-31083 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-44974 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-31080 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42297 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42246 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43892 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42228 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43905 | Unknown |
f5sirt@f5.com | Mariner | CVE-2024-7347 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43897 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43829 | Unknown |
security@google.com | Mariner | CVE-2022-1055 | Unknown |
cve@mitre.org | Mariner | CVE-2023-52340 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-2253 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-3727 | Unknown |
cve@kernel.org | Mariner | CVE-2024-27397 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26900 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2022-48841 | Unknown |
cve@kernel.org | Mariner | CVE-2024-26953 | Unknown |
security-officer@isc.org | Mariner | CVE-2023-4408 | Unknown |
secalert@redhat.com | Mariner | CVE-2022-3854 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-31449 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-31082 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-28180 | Unknown |
security@golang.org | Mariner | CVE-2022-41717 | Unknown |
cve@mitre.org | Mariner | CVE-2021-28361 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-25620 | Unknown |
facts@wolfssl.com | Mariner | CVE-2024-2881 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-40548 | Unknown |
facts@wolfssl.com | Mariner | CVE-2024-5814 | Unknown |
secalert@redhat.com | Mariner | CVE-2012-2677 | Unknown |
cve@mitre.org | Mariner | CVE-2023-42366 | Unknown |
facts@wolfssl.com | Mariner | CVE-2024-1543 | Unknown |
secure@intel.com | Mariner | CVE-2019-14584 | Unknown |
cve@mitre.org | Mariner | CVE-2024-32610 | Unknown |
facts@wolfssl.com | Mariner | CVE-2024-1545 | Unknown |
facts@wolfssl.com | Mariner | CVE-2023-6935 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21239 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21241 | Unknown |
cve@mitre.org | Mariner | CVE-2023-50495 | Unknown |
facts@wolfssl.com | Mariner | CVE-2023-6936 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50228 | Unknown |
cve@mitre.org | Mariner | CVE-2024-25431 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-40549 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-40551 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-49767 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-40546 | Unknown |
cve@kernel.org | Mariner | CVE-2024-27418 | Unknown |
security@php.net | Mariner | CVE-2024-11233 | Unknown |
security@apache.org | Mariner | CVE-2024-47554 | Unknown |
security@php.net | Mariner | CVE-2024-11234 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-9355 | Unknown |
cve@mitre.org | Mariner | CVE-2024-31852 | Unknown |
facts@wolfssl.com | Mariner | CVE-2024-5288 | Unknown |
facts@wolfssl.com | Mariner | CVE-2023-6937 | Unknown |
psirt@nvidia.com | Mariner | CVE-2024-0134 | Unknown |
security@ubuntu.com | Mariner | CVE-2022-28737 | Unknown |
security@ubuntu.com | Mariner | CVE-2022-4968 | Unknown |
facts@wolfssl.com | Mariner | CVE-2024-5991 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21237 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21236 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21218 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21230 | Unknown |
2499f714-1537-4658-8207-48ae4bb9eae9 | Mariner | CVE-2024-7264 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26908 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21231 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21247 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21193 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21207 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21160 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21173 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21212 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21213 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21199 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21201 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21163 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21194 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21162 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21165 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21238 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21197 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21203 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21196 | Unknown |
2499f714-1537-4658-8207-48ae4bb9eae9 | Mariner | CVE-2024-2004 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-20996 | Unknown |
support@hackerone.com | Mariner | CVE-2023-46219 | Unknown |
cve-coordination@google.com | Mariner | CVE-2022-1941 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21142 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21159 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21134 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21125 | Unknown |
cve@mitre.org | Mariner | CVE-2023-52890 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-24806 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21135 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21166 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21219 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39474 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43884 | Unknown |
secalert_us@oracle.com | Mariner | CVE-2024-21198 | Unknown |
security@php.net | Mariner | CVE-2024-8932 | Unknown |
security@php.net | Mariner | CVE-2024-8929 | Unknown |
security@php.net | Mariner | CVE-2024-11236 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-40550 | Unknown |
2499f714-1537-4658-8207-48ae4bb9eae9 | Mariner | CVE-2024-2398 | Unknown |
facts@wolfssl.com | Mariner | CVE-2024-1544 | Unknown |
cve@mitre.org | Mariner | CVE-2024-30205 | Unknown |
security@google.com | Mariner | CVE-2022-3474 | Unknown |
openssl-security@openssl.org | Mariner | CVE-2024-6119 | Unknown |
cve@mitre.org | Mariner | CVE-2024-33876 | Unknown |
secalert@redhat.com | Mariner | CVE-2021-20277 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42072 | Unknown |
security@golang.org | Mariner | CVE-2023-45288 | Unknown |
cve@mitre.org | Mariner | CVE-2007-4559 | Unknown |
security-officer@isc.org | Mariner | CVE-2023-5517 | Unknown |
security@apache.org | Mariner | CVE-2024-38473 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26913 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-45590 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-36477 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42075 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-44946 | Unknown |
security@golang.org | Mariner | CVE-2022-32149 | Unknown |
secalert@redhat.com | Mariner | CVE-2021-3847 | Unknown |
security@apache.org | Mariner | CVE-2024-39884 | Unknown |
cve@mitre.org | Mariner | CVE-2023-31084 | Unknown |
security@apache.org | Mariner | CVE-2024-38472 | Unknown |
glibc-cna@sourceware.org | Mariner | CVE-2024-33602 | Unknown |
cve@mitre.org | Mariner | CVE-2024-29166 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2022-48788 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-38664 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39485 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42071 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39483 | Unknown |
security@apache.org | Mariner | CVE-2024-36387 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26978 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-38577 | Unknown |
security-officer@isc.org | Mariner | CVE-2023-5679 | Unknown |
secalert@redhat.com | Mariner | CVE-2022-3650 | Unknown |
security@golang.org | Mariner | CVE-2024-24786 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-1393 | Unknown |
security@hashicorp.com | Mariner | CVE-2024-6104 | Unknown |
secalert@redhat.com | Mariner | CVE-2020-27840 | Unknown |
secalert@redhat.com | Mariner | CVE-2022-32746 | Unknown |
cve@mitre.org | Mariner | CVE-2024-31950 | Unknown |
cve@mitre.org | Mariner | CVE-2024-44070 | Unknown |
cve@mitre.org | Mariner | CVE-2024-31951 | Unknown |
cve@mitre.org | Mariner | CVE-2024-27913 | Unknown |
security@golang.org | Mariner | CVE-2023-3978 | Unknown |
cve@mitre.org | Mariner | CVE-2021-43565 | Unknown |
cve-assign@fb.com | Mariner | CVE-2021-24032 | Unknown |
Microsoft | Microsoft Defender for Endpoint | CVE-2024-49057 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-12053 | Chromium: CVE-2024-12053 Type Confusion in V8 |
Microsoft | Microsoft Edge (Chromium-based) | CVE-2024-49041 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Microsoft | Microsoft Office | ADV240002 | Microsoft Office Defense in Depth Update |
Microsoft | Microsoft Office | CVE-2024-49059 | Microsoft Office Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office | CVE-2024-43600 | Microsoft Office Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office Access | CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Publisher | CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-49064 | Microsoft SharePoint Information Disclosure Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-49062 | Microsoft SharePoint Information Disclosure Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Word | CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft | Role: DNS Server | CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability |
Microsoft | Role: Windows Hyper-V | CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability |
Microsoft | System Center Operations Manager | CVE-2024-43594 | System Center Operations Manager Elevation of Privilege Vulnerability |
Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2024-49114 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2024-49088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft | Windows File Explorer | CVE-2024-49082 | Windows File Explorer Information Disclosure Vulnerability |
Microsoft | Windows IP Routing Management Snapin | CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
Microsoft | Windows Kernel | CVE-2024-49084 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel-Mode Drivers | CVE-2024-49074 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Microsoft | Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49121 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
Microsoft | Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability |
Microsoft | Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
Microsoft | Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
Microsoft | Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
Microsoft | Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability |
Microsoft | Windows Message Queuing | CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
Microsoft | Windows Message Queuing | CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
Microsoft | Windows Message Queuing | CVE-2024-49096 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-49073 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-49077 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-49083 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-49092 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-49087 | Windows Mobile Broadband Driver Information Disclosure Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-49110 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-49078 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
Microsoft | Windows PrintWorkflowUserSvc | CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
Microsoft | Windows PrintWorkflowUserSvc | CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
Microsoft | Windows Remote Desktop | CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2024-49129 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2024-49075 | Windows Remote Desktop Services Denial of Service Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Resilient File System (ReFS) | CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Task Scheduler | CVE-2024-49072 | Windows Task Scheduler Elevation of Privilege Vulnerability |
Microsoft | Windows Virtualization-Based Security (VBS) Enclave | CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49081 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49103 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49111 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49109 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49101 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49094 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49098 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49099 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
Microsoft | WmsRepair Service | CVE-2024-49107 | WmsRepair Service Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43594
MITRE NVD Issuing CNA: Microsoft |
CVE Title: System Center Operations Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to have access to the location where the target file will be run. They would then need to plant a specific file that would be used as part of the exploitation.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Successful exploitation requires the victim to install an affected version of the product which would trigger the vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43594
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
System Center Operations Manager (SCOM) 2019 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.19.10652.0 | Maybe | None |
System Center Operations Manager (SCOM) 2022 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.22.10684.0 | Maybe | None |
System Center Operations Manager (SCOM) 2025 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.25.10132.0 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-43594 | R4nger & Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49057
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Defender for Endpoint on Android Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user must install and use a specially-crafted malicious application on their Android device.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49057
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Defender for Endpoint for Android | Release Notes (Security Update) | Important | Spoofing | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 1.0.7128.0101 | No | None |
CVE ID | Acknowledgements |
CVE-2024-49057 | Dimitrios Valsamaras with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49059
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49059
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2016 (32-bit edition) | 4475587 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5478.1004 | Maybe | None |
Microsoft Office 2016 (64-bit edition) | 4475587 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5478.1004 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2024-49059 | Sandro Poppi |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49064
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker.
What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49064 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002659 (Security Update) 5002544 (Security Update) |
Important | Information Disclosure | 5002654 5002501 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.5478.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002657 (Security Update) 5002664 (Security Update) |
Important | Information Disclosure | 5002650 5002422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.10416.20026 | Yes Maybe |
None |
Microsoft SharePoint Server Subscription Edition | 5002658 (Security Update) | Important | Information Disclosure | 5002651 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.17928.20290 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-49064 | Felix Boulet |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49068
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.2/TemporalScore:7.1
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain the privileges of the compromised user.
There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?
Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and some loss of integrity (I:L) and no loss of availability (A:N). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.
Mitigations: None
Workarounds: None
Revision: 1.0    10-Dec-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49068 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002659 (Security Update) 5002544 (Security Update) |
Important | Elevation of Privilege | 5002654 5002501 |
Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.5478.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002657 (Security Update) 5002664 (Security Update) |
Important | Elevation of Privilege | 5002650 5002422 |
Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.10416.20026 | Yes Maybe |
None |
Microsoft SharePoint Server Subscription Edition | 5002658 (Security Update) | Important | Elevation of Privilege | 5002651 | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.17928.20290 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-49068 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49069
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
How could an attacker exploit this vulnerability?
An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
A user needs to be tricked into opening malicious files.
Mitigations: None
Workarounds: None
Revision: 1.0    10-Dec-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49069 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Excel 2016 (32-bit edition) | 5002660 (Security Update) | Important | Remote Code Execution | 5002653 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5478.1002 | Maybe | None |
Microsoft Excel 2016 (64-bit edition) | 5002660 (Security Update) | Important | Remote Code Execution | 5002653 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5478.1002 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.92.24120731 | Maybe | None |
Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.92.24120731 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-49069 | boolgombear Jmini |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49070
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.4/TemporalScore:6.4
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?
Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.
Mitigations: None
Workarounds: None
Revision: 1.0    10-Dec-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49070 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002659 (Security Update) 5002544 (Security Update) |
Important | Remote Code Execution | 5002654 5002501 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5478.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002657 (Security Update) 5002664 (Security Update) |
Important | Remote Code Execution | 5002650 5002422 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10416.20026 | Yes Maybe |
None |
Microsoft SharePoint Server Subscription Edition | 5002658 (Security Update) | Important | Remote Code Execution | 5002651 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.17928.20290 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-49070 | zcgonvh |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49073
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ:
According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?
An attacker needs physical access to the target computer to plug in a malicious USB drive.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    10-Dec-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49073 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None |
CVE ID | Acknowledgements |
CVE-2024-49073 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49074
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    10-Dec-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49074 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
CVE ID | Acknowledgements |
CVE-2024-49074 | diversenok |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49084
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    10-Dec-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49084 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Elevation of Privilege | 5046687 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Elevation of Privilege | 5046687 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Elevation of Privilege | 5046697 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Elevation of Privilege | 5046697 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Elevation of Privilege | 5046682 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Elevation of Privilege | 5046682 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
Windows Server 2016 | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None |
CVE ID | Acknowledgements |
CVE-2024-49084 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49085
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49085 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None |
CVE ID | Acknowledgements |
CVE-2024-49085 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49086
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49086 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None |
CVE ID | Acknowledgements |
CVE-2024-49086 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49087
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.6/TemporalScore:4.0
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.
According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?
An attacker needs physical access to the target computer to plug in a malicious USB drive.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49087 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows Server 2019 | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Information Disclosure | 5046618 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Information Disclosure | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Information Disclosure | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None |
CVE ID | Acknowledgements |
CVE-2024-49087 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49089
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average users. Essentially, the exploitation necessitates elevated privileges on the compromised machine due to the requirement of manipulating processes beyond the reach of standard user permissions.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49089 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Remote Code Execution | 5046665 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Remote Code Execution | 5046665 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Remote Code Execution | 5046617 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Remote Code Execution | 5046617 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None |
CVE ID | Acknowledgements |
CVE-2024-49089 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49091
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Domain Name Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49091 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None |
CVE ID | Acknowledgements |
CVE-2024-49091 | luckyu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49092
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ:
According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?
An attacker needs physical access to the target computer to plug in a malicious USB drive.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49092 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None |
CVE ID | Acknowledgements |
CVE-2024-49092 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49093
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49093 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None |
CVE ID | Acknowledgements |
CVE-2024-49093 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49094
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49094 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None |
CVE ID | Acknowledgements |
CVE-2024-49094 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49096
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49096 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Denial of Service | 5046665 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Denial of Service | 5046665 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Denial of Service | 5046617 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Denial of Service | 5046617 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Denial of Service | 5046687 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Denial of Service | 5046687 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Denial of Service | 5046697 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Denial of Service | 5046697 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Denial of Service | 5046682 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Denial of Service | 5046682 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
Windows Server 2016 | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
Windows Server 2019 | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5046616 5046698 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5046616 5046698 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Denial of Service | 5046618 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None |
CVE ID | Acknowledgements |
CVE-2024-49096 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49097
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49097 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6659 | Yes | 5048661 |
Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6659 | Yes | 5048661 |
Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.5247 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.5247 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4602 | Yes | 5048685 |
Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4602 | Yes | 5048685 |
Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.4602 | Yes | 5048685 |
Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.4602 | Yes | 5048685 |
Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) | Important | Elevation of Privilege | 5046617 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.2528 10.0.26100.2605 | No Yes | 5048667 |
Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) | Important | Elevation of Privilege | 5046617 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.2528 10.0.26100.2605 | No Yes | 5048667 |
Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6659 | Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6659 | Yes | 5048661 |
Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5046616 5046698 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2966 10.0.20348.2908 | Yes | 5048654 |
Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5046616 5046698 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2966 10.0.20348.2908 | Yes | 5048654 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1308 | Yes | None |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) | Important | Elevation of Privilege | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.2528 10.0.26100.2520 | No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) | Important | Elevation of Privilege | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.2528 10.0.26100.2520 | No | None |
CVE ID | Acknowledgements |
CVE-2024-49097 | Jongseong Kim (nevul37) with Ajou University Hyeongseok Jang (rotiple) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49098
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None
FAQ:
According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?
An attacker needs physical access to the target computer to plug in a malicious USB drive.
What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of certain kernel memory content.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49098 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6659 | Yes | 5048661 |
Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6659 | Yes | 5048661 |
Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.5247 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.5247 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.4602 | Yes | 5048685 |
Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.4602 | Yes | 5048685 |
Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.4602 | Yes | 5048685 |
Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.4602 | Yes | 5048685 |
Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) | Important | Information Disclosure | 5046617 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.2528 10.0.26100.2605 | No Yes | 5048667 |
Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) | Important | Information Disclosure | 5046617 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.2528 10.0.26100.2605 | No Yes | 5048667 |
Windows Server 2019 | 5048661 (Security Update) | Important | Information Disclosure | 5046615 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6659 | Yes | 5048661 |
Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Information Disclosure | 5046615 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6659 | Yes | 5048661 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Information Disclosure | 5046618 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.1308 | Yes | None |
Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) | Important | Information Disclosure | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.2528 10.0.26100.2520 | No | None | |
Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) | Important | Information Disclosure | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.2528 10.0.26100.2520 | No | None |
CVE ID | Acknowledgements |
CVE-2024-49098 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49099
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of certain kernel memory content.
According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?
An attacker needs physical access to the target computer to plug in a malicious USB drive.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Dec-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-49099 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6659 | Yes | 5048661 |
Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6659 | Yes | 5048661 |
Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.5247 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.5247 | Yes | None |
Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.5247 | Yes | None |
Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.5247 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.4602 | Yes | 5048685 |
Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.4602 | Yes | 5048685 |
Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.4602 | Yes | 5048685 |
Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.4602 | Yes | 5048685 |
Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 4.3 Temporal: 3.8 Vector: CVSS: |