This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | Azure CycleCloud | CVE-2024-43469 | Azure CycleCloud Remote Code Execution Vulnerability |
Microsoft | Azure Network Watcher | CVE-2024-38188 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability |
Microsoft | Azure Network Watcher | CVE-2024-43470 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability |
Microsoft | Azure Stack | CVE-2024-38216 | Azure Stack Hub Elevation of Privilege Vulnerability |
Microsoft | Azure Stack | CVE-2024-38220 | Azure Stack Hub Elevation of Privilege Vulnerability |
Microsoft | Azure Web Apps | CVE-2024-38194 | Azure Web Apps Elevation of Privilege Vulnerability |
Microsoft | Dynamics Business Central | CVE-2024-38225 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability |
Microsoft | Microsoft AutoUpdate (MAU) | CVE-2024-43492 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
Microsoft | Microsoft Dynamics 365 (on-premises) | CVE-2024-43476 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft | Microsoft Graphics Component | CVE-2024-38247 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft | Microsoft Graphics Component | CVE-2024-38250 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft | Microsoft Graphics Component | CVE-2024-38249 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft | Microsoft Management Console | CVE-2024-38259 | Microsoft Management Console Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2024-43465 | Microsoft Excel Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office Publisher | CVE-2024-38226 | Microsoft Publisher Security Feature Bypass Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-38227 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-43464 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-38018 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-38228 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-43466 | Microsoft SharePoint Server Denial of Service Vulnerability |
Microsoft | Microsoft Office Visio | CVE-2024-43463 | Microsoft Office Visio Remote Code Execution Vulnerability |
Microsoft | Microsoft Outlook for iOS | CVE-2024-43482 | Microsoft Outlook for iOS Information Disclosure Vulnerability |
Microsoft | Microsoft Streaming Service | CVE-2024-38245 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
Microsoft | Microsoft Streaming Service | CVE-2024-38241 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
Microsoft | Microsoft Streaming Service | CVE-2024-38242 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
Microsoft | Microsoft Streaming Service | CVE-2024-38244 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
Microsoft | Microsoft Streaming Service | CVE-2024-38243 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
Microsoft | Microsoft Streaming Service | CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
Microsoft | Microsoft Streaming Service | CVE-2024-38238 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
Microsoft | Power Automate | CVE-2024-43479 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability |
Microsoft | Role: Windows Hyper-V | CVE-2024-38235 | Windows Hyper-V Denial of Service Vulnerability |
Microsoft | SQL Server | CVE-2024-37338 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
Microsoft | SQL Server | CVE-2024-37980 | Microsoft SQL Server Elevation of Privilege Vulnerability |
Microsoft | SQL Server | CVE-2024-26191 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
Microsoft | SQL Server | CVE-2024-37339 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
Microsoft | SQL Server | CVE-2024-37337 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
Microsoft | SQL Server | CVE-2024-26186 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
Microsoft | SQL Server | CVE-2024-37342 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
Microsoft | SQL Server | CVE-2024-43474 | Microsoft SQL Server Information Disclosure Vulnerability |
Microsoft | SQL Server | CVE-2024-37335 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
Microsoft | SQL Server | CVE-2024-37966 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
Microsoft | SQL Server | CVE-2024-37340 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
Microsoft | SQL Server | CVE-2024-37965 | Microsoft SQL Server Elevation of Privilege Vulnerability |
Microsoft | SQL Server | CVE-2024-37341 | Microsoft SQL Server Elevation of Privilege Vulnerability |
Microsoft | Windows Admin Center | CVE-2024-43475 | Microsoft Windows Admin Center Information Disclosure Vulnerability |
Microsoft | Windows AllJoyn API | CVE-2024-38257 | Microsoft AllJoyn API Information Disclosure Vulnerability |
Microsoft | Windows Authentication Methods | CVE-2024-38254 | Windows Authentication Information Disclosure Vulnerability |
Microsoft | Windows DHCP Server | CVE-2024-38236 | DHCP Server Service Denial of Service Vulnerability |
Microsoft | Windows Installer | CVE-2024-38014 | Windows Installer Elevation of Privilege Vulnerability |
Microsoft | Windows Kerberos | CVE-2024-38239 | Windows Kerberos Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel-Mode Drivers | CVE-2024-38256 | Windows Kernel-Mode Driver Information Disclosure Vulnerability |
Microsoft | Windows Libarchive | CVE-2024-43495 | Windows libarchive Remote Code Execution Vulnerability |
Microsoft | Windows Mark of the Web (MOTW) | CVE-2024-38217 | Windows Mark of the Web Security Feature Bypass Vulnerability |
Microsoft | Windows Mark of the Web (MOTW) | CVE-2024-43487 | Windows Mark of the Web Security Feature Bypass Vulnerability |
Microsoft | Windows MSHTML Platform | CVE-2024-43461 | Windows MSHTML Platform Spoofing Vulnerability |
Microsoft | Windows Network Address Translation (NAT) | CVE-2024-38119 | Windows Network Address Translation (NAT) Remote Code Execution Vulnerability |
Microsoft | Windows Network Virtualization | CVE-2024-38232 | Windows Networking Denial of Service Vulnerability |
Microsoft | Windows Network Virtualization | CVE-2024-38233 | Windows Networking Denial of Service Vulnerability |
Microsoft | Windows Network Virtualization | CVE-2024-38234 | Windows Networking Denial of Service Vulnerability |
Microsoft | Windows Network Virtualization | CVE-2024-43458 | Windows Networking Information Disclosure Vulnerability |
Microsoft | Windows PowerShell | CVE-2024-38046 | PowerShell Elevation of Privilege Vulnerability |
Microsoft | Windows Remote Access Connection Manager | CVE-2024-38240 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-38231 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-38258 | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability |
Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-43467 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-43454 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-38263 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-38260 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-43455 | Windows Remote Desktop Licensing Service Spoofing Vulnerability |
Microsoft | Windows Security Zone Mapping | CVE-2024-30073 | Windows Security Zone Mapping Security Feature Bypass Vulnerability |
Microsoft | Windows Setup and Deployment | CVE-2024-43457 | Windows Setup and Deployment Elevation of Privilege Vulnerability |
Microsoft | Windows Standards-Based Storage Management Service | CVE-2024-38230 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
Microsoft | Windows Storage | CVE-2024-38248 | Windows Storage Elevation of Privilege Vulnerability |
Microsoft | Windows TCP/IP | CVE-2024-21416 | Windows TCP/IP Remote Code Execution Vulnerability |
Microsoft | Windows TCP/IP | CVE-2024-38045 | Windows TCP/IP Remote Code Execution Vulnerability |
Microsoft | Windows Update | CVE-2024-43491 | Microsoft Windows Update Remote Code Execution Vulnerability |
Microsoft | Windows Win32K - GRFX | CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K - ICOMP | CVE-2024-38252 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K - ICOMP | CVE-2024-38253 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37338
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None

FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.

Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37338
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (CU 28) | 5042749 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4390.2 | Yes | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2120.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 14) | 5042578 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4140.3 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5042211 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1125.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-37338 | Andrew Ruddick with Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37966
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None

FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.

Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37966
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (CU 28) | 5042749 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 15.0.4390.2 | Yes | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 15.0.2120.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 14) | 5042578 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 16.0.4140.3 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5042211 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 16.0.1125.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-37966 | Andrew Ruddick with Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37335
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None

FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.

Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37335
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (CU 28) | 5042749 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4390.2 | Yes | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2120.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 14) | 5042578 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4140.3 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5042211 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1125.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-37335 | Andrew Ruddick with Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37340
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None

FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.

Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37340
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (CU 28) | 5042749 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4390.2 | Yes | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2120.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 14) | 5042578 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4140.3 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5042211 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1125.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-37340 | Andrew Ruddick with Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37339
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None

FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37339 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (CU 28) | 5042749 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4390.2 | Yes | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2120.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 14) | 5042578 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4140.3 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5042211 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1125.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-37339 | Andrew Ruddick with Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37337
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.

Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37337 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (CU 28) | 5042749 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 15.0.4390.2 | Yes | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 15.0.2120.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 14) | 5042578 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 16.0.4140.3 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5042211 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 16.0.1125.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-37337 | Andrew Ruddick with Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37342
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.

Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37342 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (CU 28) | 5042749 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 15.0.4390.2 | Yes | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 15.0.2120.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 14) | 5042578 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 16.0.4140.3 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5042211 (Security Update) | Important | Information Disclosure | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C | 16.0.1125.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-37342 | Andrew Ruddick with Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-26186
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.

Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-26186 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (CU 28) | 5042749 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4390.2 | Yes | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2120.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 14) | 5042578 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4140.3 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5042211 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1125.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-26186 | Andrew Ruddick with Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-26191
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.

Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-26191 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (CU 28) | 5042749 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4390.2 | Yes | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2120.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 14) | 5042578 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4140.3 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5042211 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1125.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-26191 | Andrew Ruddick with Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38018
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:

How could an attacker exploit the vulnerability?
In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.

Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38018 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SharePoint Enterprise Server 2016 | 5002624 (Security Update) | Critical | Remote Code Execution | 5002618 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5465.1001 | Maybe | 5002624 |
Microsoft SharePoint Server 2019 | 5002639 (Security Update) | Critical | Remote Code Execution | 5002615 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.10414.20002 | Maybe | 5002639 |
Microsoft SharePoint Server Subscription Edition | 5002640 (Security Update) | Critical | Remote Code Execution | 5002606 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.17928.20086 | Maybe | 5002640 |
CVE ID | Acknowledgements |
CVE-2024-38018 | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38216
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Stack Hub Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.2/TemporalScore:7.1
Executive Summary: None
FAQ:

According to the CVSS metric, user interaction is required (UI:R) and privileges required are low (PR:L). What does that mean for this vulnerability?
An authenticated attacker must wait for a victim user to initiate a connection.

What privileges could an attacker gain with a successful exploitation?
An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. This could lead to further system compromise and unauthorized actions within the network.

According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content.

Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38216 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Azure Stack Hub | Release Notes (Security Update) | Critical | Elevation of Privilege | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C | 1.2311.1.22. | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-38216 | Felix Boulet with Centre gouvernemental de cyberdéfense (CGCD); Mathieu Fiore Laroche with Centre gouvernemental de cyberdéfense (CGCD) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38220
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Stack Hub Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.0/TemporalScore:7.8
Executive Summary: None
FAQ:

According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content.

What privileges could an attacker gain with a successful exploitation?
An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. This could lead to further system compromise and unauthorized actions within the network.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are low (PR:L). What does that mean for this vulnerability?
An authenticated attacker must wait for a victim user to initiate a connection.

Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38220 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Azure Stack Hub | Release Notes (Security Update) | Critical | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 1.2311.1.22. | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-38220 | Mathieu Fiore Laroche with Centre gouvernemental de cyberdéfense (CGCD) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38188
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None
FAQ:

Is there any action I need to take to be protected from this vulnerability?
If you have enabled automatic updates, you will automatically receive the update as soon as it is available. If you have not enabled automatic updates, you will need to update the product manually. Please see Update Network Watcher extension to the latest version - Azure Virtual Machines | Microsoft Learn for more information.

What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the NT AUTHORITY\SYSTEM account.

According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N), but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?
Exploitation of this vulnerability does not disclose any confidential information but allows an attacker to modify or delete files containing data which could cause the service to become unavailable.

Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38188 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Azure Network Watcher VM Extension for Windows | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Unknown | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-38188 | Filip Dragović |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38230
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38230 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Denial of Service | 5041828 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Denial of Service | 5041828 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5041160 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5041160 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
CVE ID | Acknowledgements |
CVE-2024-38230 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38236
MITRE NVD Issuing CNA: Microsoft |
CVE Title: DHCP Server Service Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38236 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Denial of Service | 5041850 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Denial of Service | 5041850 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Denial of Service | 5041850 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Denial of Service | 5041850 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Denial of Service | 5041838 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Denial of Service | 5041838 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Denial of Service | 5041851 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Denial of Service | 5041851 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Denial of Service | 5041828 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Denial of Service | 5041828 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5041160 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5041160 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Denial of Service | 5041573 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38236 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38240
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38240 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38240 | George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38241
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38241 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38241 | Angelboy (@scwuaptx) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38242
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38242 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38242 | Angelboy (@scwuaptx) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38249
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 | 10-Sep-24 | Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38249 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Elevation of Privilege | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Elevation of Privilege | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Elevation of Privilege | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Elevation of Privilege | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Elevation of Privilege | 5041838 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Elevation of Privilege | 5041838 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Elevation of Privilege | 5041851 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Elevation of Privilege | 5041851 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38249 | Marcin Wiazowski working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38250
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 | 10-Sep-24 | Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38250 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Office for Android | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.16827.2xxxxx | Maybe | None |
Microsoft Office for Universal | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.14326.21xxxx | Maybe | None |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.89.24090815 | Maybe | None |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Elevation of Privilege | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Elevation of Privilege | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Elevation of Privilege | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Elevation of Privilege | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Elevation of Privilege | 5041838 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Elevation of Privilege | 5041838 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Elevation of Privilege | 5041851 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Elevation of Privilege | 5041851 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38250 | Cristi Dudescu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38252
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 | 10-Sep-24 | Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38252 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38252 | Benjamin Rodes with Microsoft CodeQL; George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38253
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38253 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38253 | George Hughey with MSRC Vulnerabilities & Mitigations; Rohit Mothe with MSRC Vulnerabilities & Mitigations; Benjamin Rodes with Microsoft CodeQL; Devin Jensen |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38254
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Authentication Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38254 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Information Disclosure | 5041782 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Information Disclosure | 5041782 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Information Disclosure | 5041773 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Information Disclosure | 5041773 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Information Disclosure | 5041592 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Information Disclosure | 5041592 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Information Disclosure | 5041585 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Information Disclosure | 5041585 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Information Disclosure | 5041585 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Information Disclosure | 5041585 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Information Disclosure | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Information Disclosure | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2016 | 5043051 (Security Update) | Important | Information Disclosure | 5041773 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Information Disclosure | 5041773 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5041160 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5041160 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Information Disclosure | 5041573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38254 | Rémi Jullian with Synacktiv |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38256
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel-Mode Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38256 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Information Disclosure | 5041782 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Information Disclosure | 5041782 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Information Disclosure | 5041773 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Information Disclosure | 5041773 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Information Disclosure | 5041850 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Information Disclosure | 5041850 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Information Disclosure | 5041850 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Information Disclosure | 5041850 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Information Disclosure | 5041838 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Information Disclosure | 5041838 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Information Disclosure | 5041851 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Information Disclosure | 5041851 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Information Disclosure | 5041828 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Information Disclosure | 5041828 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Information Disclosure | 5041773 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Information Disclosure | 5041773 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38256 | Bùi Quang Hiếu (@tykawaii98) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43463
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43463 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Visio 2016 (32-bit edition) | 5002634 (Security Update) | Important | Remote Code Execution | 5002565 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5465.1001 | Maybe | None |
Microsoft Visio 2016 (64-bit edition) | 5002634 (Security Update) | Important | Remote Code Execution | 5002565 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5465.1001 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-43463 | c0d3nh4ck with Zscaler's ThreatLabz |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43464
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.
How could an attacker exploit the vulnerability? An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of the file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43464 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002624 (Security Update) | Critical | Remote Code Execution | 5002618 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5465.1001 |
Maybe | 5002624 |
Microsoft SharePoint Server 2019 | 5002639 (Security Update) | Critical | Remote Code Execution | 5002615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10414.20002 |
Maybe | 5002639 |
Microsoft SharePoint Server Subscription Edition | 5002640 (Security Update) | Critical | Remote Code Execution | 5002606 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.17928.20086 |
Maybe | 5002640 |
CVE ID | Acknowledgements |
CVE-2024-43464 | zcgonvh |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43467
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43467 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Remote Code Execution | 5041850 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Remote Code Execution | 5041850 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Remote Code Execution | 5041850 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Remote Code Execution | 5041850 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Remote Code Execution | 5041838 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Remote Code Execution | 5041838 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Remote Code Execution | 5041851 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Remote Code Execution | 5041851 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Remote Code Execution | 5041828 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Remote Code Execution | 5041828 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Remote Code Execution | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Remote Code Execution | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5041160 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5041160 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Remote Code Execution | 5041573 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43467 | Lewis Lee Chunyang Han Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43474
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take? Consult your application vendor to confirm whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43474 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Information Disclosure | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C |
14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Information Disclosure | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C |
14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Information Disclosure | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C |
15.0.2120.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43474 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43482
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook for iOS Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
How do I get the update for Outlook for iOS?
Alternatively
What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43482 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Outlook for iOS | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
4.2435.0 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-43482 | Masahiro Iida with LAC Co., Ltd. |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43492
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
How can I find out what version of Teams I am running?
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43492 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft AutoUpdate for Mac | MAU (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.72 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43492 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43465
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43465 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Excel 2016 (32-bit edition) | 5002605 (Security Update) | Important | Elevation of Privilege | 5002587 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5465.1001 | Maybe | None |
Microsoft Excel 2016 (64-bit edition) | 5002605 (Security Update) | Important | Elevation of Privilege | 5002587 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5465.1001 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.89.24090815 | Maybe | None |
Microsoft Office Online Server | 5002601 (Security Update) | Important | Elevation of Privilege | 5002503 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10414.20000 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-43465 | 0x140ce |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37965
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take? Consult your application vendor to confirm whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37965 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5042207 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6445.1 | Maybe | None |
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5042209 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7040.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (CU 28) | 5042749 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4390.2 | Yes | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2120.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 14) | 5042578 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.4140.3 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5042211 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.1125.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-37965 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37341
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take? Consult your application vendor to confirm whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37341 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5042207 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6445.1 | Maybe | None |
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5042209 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7040.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (CU 28) | 5042749 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4390.2 | Yes | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2120.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 14) | 5042578 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.4140.3 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5042211 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.1125.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-37341 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38014
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Installer Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2024-38014 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.4169 | Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Elevation of Privilege | 5041850 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Elevation of Privilege | 5041850 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Elevation of Privilege | 5041850 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Elevation of Privilege | 5041850 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Elevation of Privilege | 5041838 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Elevation of Privilege | 5041838 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Elevation of Privilege | 5041851 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Elevation of Privilege | 5041851 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5041160 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5041160 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38014 | Michael Baer with SEC Consult Vulnerability Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38046
MITRE NVD Issuing CNA: Microsoft |
CVE Title: PowerShell Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could elevate their user privileges from those of a restrained user to an unrestrained WDAC user.
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38046 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.4169 | Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5041160 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5041160 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38046 | Jimmy Bayne |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38217
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.4/TemporalScore:5.0
Executive Summary: None
FAQ:
How could an attacker exploit the vulnerability?
To exploit this vulnerability, an attacker could host a file on an attacker-controlled server, then convince a targeted user to download and open the file. This could allow the attacker to interfere with the Mark of the Web functionality. Please see Additional information about Mark of the Web for further clarification.
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?
An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as SmartScreen Application Reputation security check and/or the legacy Windows Attachment Services security prompt.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | Yes | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2024-38217 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Security Feature Bypass | 5041782 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Security Feature Bypass | 5041782 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Security Feature Bypass | 5041773 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Security Feature Bypass | 5041773 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Security Feature Bypass | 5041578 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Security Feature Bypass | 5041578 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Security Feature Bypass | 5041578 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Security Feature Bypass | 5041580 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Security Feature Bypass | 5041580 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Security Feature Bypass | 5041580 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Security Feature Bypass | 5041580 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Security Feature Bypass | 5041580 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.19041.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Security Feature Bypass | 5041580 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Security Feature Bypass | 5041592 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Security Feature Bypass | 5041592 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Security Feature Bypass | 5041585 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Security Feature Bypass | 5041585 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Security Feature Bypass | 5041585 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Security Feature Bypass | 5041585 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.22631.4169 | Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Security Feature Bypass | | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Security Feature Bypass | | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Security Feature Bypass | 5041850 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Security Feature Bypass | 5041850 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Security Feature Bypass | 5041850 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Security Feature Bypass | 5041850 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Security Feature Bypass | 5041838 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Security Feature Bypass | 5041838 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Security Feature Bypass | 5041851 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Security Feature Bypass | 5041851 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Security Feature Bypass | 5041828 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Security Feature Bypass | 5041828 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Security Feature Bypass | 5041773 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Security Feature Bypass | 5041773 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Security Feature Bypass | 5041578 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Security Feature Bypass | 5041578 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5041160 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5041160 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Security Feature Bypass | 5041573 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38217 | Joe Desimone with Elastic Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38225
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker needs to edit the local configuration file to contain malicious code, then send the request to the server to exploit this vulnerability.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38225 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Dynamics 365 Business Central 2023 Release Wave 1 | 5042528 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | App Build 22.16.64731, Platform Build 22.0.64727 | Maybe | None |
Microsoft Dynamics 365 Business Central 2023 Release Wave 2 | 5042530 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | App Build 24.4. 22925, Platform Build 24.0. 22865 | Maybe | None |
Microsoft Dynamics 365 Business Central 2024 Release Wave 1 | 5042529 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | App Build 23.10.22604, Platform Build 23.0.22561 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-38225 | cjm00n with Cyber Kunlun & Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38226
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Publisher Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None
FAQ:
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Office macro policies used to block untrusted or malicious files.
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
According to the CVSS metric, the attack vector is local (AV:L), privileges are required (PR:L) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?
The attack itself is carried out locally by a user with authentication to the targeted system. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2024-38226 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Publisher 2016 (32-bit edition) | 5002566 (Security Update) | Important | Security Feature Bypass | 5002492 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5465.1001 | Maybe | None |
Microsoft Publisher 2016 (64-bit edition) | 5002566 (Security Update) | Important | Security Feature Bypass | 5002492 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5465.1001 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-38226 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38227
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.
How could an attacker exploit the vulnerability?
An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of the file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38227 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002624 (Security Update) | Important | Remote Code Execution | 5002618 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5465.1001 |
Maybe | 5002624 |
Microsoft SharePoint Server 2019 | 5002639 (Security Update) | Important | Remote Code Execution | 5002615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10414.20002 |
Maybe | 5002639 |
Microsoft SharePoint Server Subscription Edition | 5002640 (Security Update) | Important | Remote Code Execution | 5002606 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.17928.20086 |
Maybe | 5002640 |
CVE ID | Acknowledgements |
CVE-2024-38227 | zcgonvh |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38228
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None
FAQ:
How could an attacker exploit the vulnerability?
An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of the file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38228 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002624 (Security Update) | Important | Remote Code Execution | 5002618 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5465.1001 |
Maybe | 5002624 |
Microsoft SharePoint Server 2019 | 5002639 (Security Update) | Important | Remote Code Execution | 5002615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10414.20002 |
Maybe | 5002639 |
Microsoft SharePoint Server Subscription Edition | 5002640 (Security Update) | Important | Remote Code Execution | 5002606 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.17928.20086 |
Maybe | 5002640 |
CVE ID | Acknowledgements |
CVE-2024-38228 | cjM00n & Edwardzpeng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38231
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Licensing Service Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
Are there additional actions I need to take after I have installed the update?
No action is required from customers who are using a single license server and who are not using workgroup-joined Windows Server 2008 terminal servers.
Customers using multiple license servers should refer to "Use multiple remote desktop license servers" for more information about the steps they need to take.
Additionally, for proper license server discovery, customers using workgroup-joined Windows Server 2008 terminal servers will need to ensure that they list the RD license servers they want these terminal servers to use under "Use the specified Remote Desktop license servers" as detailed on this page. The license server discovery mode called "Automatically discover a license server" will no longer be supported in workgroup-joined deployments.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38231 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Denial of Service | 5041850 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Denial of Service | 5041850 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Denial of Service | 5041850 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Denial of Service | 5041850 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Denial of Service | 5041838 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Denial of Service | 5041838 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Denial of Service | 5041851 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Denial of Service | 5041851 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Denial of Service | 5041828 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Denial of Service | 5041828 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5041160 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5041160 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Denial of Service | 5041573 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38231 | Lewis Lee, Chunyang Han, Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38232
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Networking Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38232 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
CVE ID | Acknowledgements |
CVE-2024-38232 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38233
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Networking Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38233 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
CVE ID | Acknowledgements |
CVE-2024-38233 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38234
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Networking Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38234 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Denial of Service | 5041782 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Denial of Service | 5041782 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Denial of Service | 5041580 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Denial of Service | 5041580 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Denial of Service | 5041580 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Denial of Service | 5041580 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Denial of Service | 5041580 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Denial of Service | 5041580 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Denial of Service | 5041592 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Denial of Service | 5041592 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Denial of Service | 5041585 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Denial of Service | 5041585 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Denial of Service | 5041585 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Denial of Service | 5041585 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Denial of Service | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Denial of Service | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Denial of Service | 5041850 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Denial of Service | 5041850 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Denial of Service | 5041850 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Denial of Service | 5041850 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Denial of Service | 5041838 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Denial of Service | 5041838 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Denial of Service | 5041851 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Denial of Service | 5041851 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Denial of Service | 5041828 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Denial of Service | 5041828 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5041160 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5041160 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Denial of Service | 5041573 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38234 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38235
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38235 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Denial of Service | 5041782 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Denial of Service | 5041580 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Denial of Service | 5041580 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Denial of Service | 5041592 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Denial of Service | 5041592 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Denial of Service | 5041585 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Denial of Service | 5041585 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Denial of Service | 5041585 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Denial of Service | 5041585 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Denial of Service | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Denial of Service | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2016 | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Denial of Service | 5041773 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Denial of Service | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5041160 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5041160 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Denial of Service | 5041573 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38235 | Thunder_J with lichoin |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38237
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None

FAQ:

Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Mitigations: None
Workarounds: None
Revision: 1.0 (10-Sep-24): Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38237

Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.4169 | Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5041160 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5041160 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38237 | Angelboy (@scwuaptx) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38238
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None

FAQ:

Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Mitigations: None
Workarounds: None
Revision: 1.0 (10-Sep-24): Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38238

Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.4169 | Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5041160 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5041160 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38238 | Angelboy (@scwuaptx) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38239
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None

FAQ:

Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?
Successful exploitation of this vulnerability requires the attacker to have control over a domain controller and privileges to perform arbitrary code execution in a different trusted forest from the trusted forest containing the victim machine.

What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain domain administrator privileges.

According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?
The attacker needs to have privileges on the environment from where they are performing the attack and the environment they are targeting to be able to exploit this vulnerability.

Mitigations: None
Workarounds: None
Revision: 1.0 (10-Sep-24): Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38239

Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.4169 | Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Elevation of Privilege | 5041850 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Elevation of Privilege | 5041850 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Elevation of Privilege | 5041850 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Elevation of Privilege | 5041850 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Elevation of Privilege | 5041838 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Elevation of Privilege | 5041838 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Elevation of Privilege | 5041851 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Elevation of Privilege | 5041851 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5041160 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5041160 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38239 | Microsoft Windows Authentication Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38243
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38243 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38243 | Angelboy (@scwuaptx) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38244
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38244 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38244 | Angelboy (@scwuaptx) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38245
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38245 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Elevation of Privilege | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Elevation of Privilege | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Elevation of Privilege | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Elevation of Privilege | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Elevation of Privilege | 5041838 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Elevation of Privilege | 5041838 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Elevation of Privilege | 5041851 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Elevation of Privilege | 5041851 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38245 | Angelboy (@scwuaptx) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38246
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38246 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38246 | Cristi Dudescu Brent Mills |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38247
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38247 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Elevation of Privilege | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Elevation of Privilege | 5041838 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) |
Important | Elevation of Privilege | 5041838 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Elevation of Privilege | 5041851 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Elevation of Privilege | 5041851 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Elevation of Privilege | 5041828 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Elevation of Privilege | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Elevation of Privilege | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38247 | Christopher Leung Christopher Leung |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38248
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Storage Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.3
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38248 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Elevation of Privilege | 5041580 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Elevation of Privilege | 5041592 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Elevation of Privilege | 5041585 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5041160 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Elevation of Privilege | 5041573 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38248 | lm0963 with TianGongLab of Legendsec at QI-ANXIN Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38257
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft AllJoyn API Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38257 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Information Disclosure | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Information Disclosure | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Information Disclosure | 5041580 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Information Disclosure | 5041592 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Information Disclosure | 5041592 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Information Disclosure | 5041585 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Information Disclosure | 5041585 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Information Disclosure | 5041585 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Information Disclosure | 5041585 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows Server 2016 | 5043051 (Security Update) | Important | Information Disclosure | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Information Disclosure | 5041773 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5041160 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5041160 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Information Disclosure | 5041573 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38257 | Cisco Talos |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38258
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Licensing Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38258 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Information Disclosure | 5041850 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Information Disclosure | 5041850 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Information Disclosure | 5041850 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Information Disclosure | 5041850 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Information Disclosure | 5041838 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Information Disclosure | 5041838 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Information Disclosure | 5041851 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Information Disclosure | 5041851 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Information Disclosure | 5041828 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Information Disclosure | 5041828 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Information Disclosure | 5041773 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Information Disclosure | 5041773 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Information Disclosure | 5041578 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5041160 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5041160 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Information Disclosure | 5041573 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38258 | Chunyang Han Chunyang Han Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38259
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Management Console Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38259 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Remote Code Execution | 5041592 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Remote Code Execution | 5041592 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Remote Code Execution | 5041585 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Remote Code Execution | 5041585 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Remote Code Execution | 5041585 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Remote Code Execution | 5041585 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.4169 | Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Remote Code Execution | | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Remote Code Execution | | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5041160 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5041160 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Remote Code Execution | 5041573 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38259 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38260
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38260 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Remote Code Execution | 5041838 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Remote Code Execution | 5041838 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Remote Code Execution | 5041851 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Remote Code Execution | 5041851 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Remote Code Execution | 5041828 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Remote Code Execution | 5041828 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Remote Code Execution | 5041773 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Remote Code Execution | 5041773 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5041160 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5041160 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Remote Code Execution | 5041573 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38260 | Chunyang Han Zhiniang Peng Lewis Lee |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38263
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38263 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Remote Code Execution | 5041850 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Remote Code Execution | 5041850 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Remote Code Execution | 5041850 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Remote Code Execution | 5041850 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Remote Code Execution | 5041838 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Remote Code Execution | 5041838 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Remote Code Execution | 5041851 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Remote Code Execution | 5041851 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Remote Code Execution | 5041828 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Remote Code Execution | 5041828 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Remote Code Execution | 5041773 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Remote Code Execution | 5041773 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5041160 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5041160 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Remote Code Execution | 5041573 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38263 | Lewis Lee Chunyang Han Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21416
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows TCP/IP Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to have a deep understanding of the system and the ability to manipulate its components to trigger a specific condition. Successful exploitation is not guaranteed and depends on a combination of factors that may include the environment, system configuration, and the presence of additional security measures.
How could an attacker exploit this vulnerability?
An attacker must send a specially crafted request to a Windows machine that has NetNAT service configured, which is a non-default configuration. In addition, specific network conditions must exist for exploitation to succeed.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21416 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Remote Code Execution | 5041580 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Remote Code Execution | 5041580 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Remote Code Execution | 5041580 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Remote Code Execution | 5041580 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Remote Code Execution | 5041580 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Remote Code Execution | 5041580 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Remote Code Execution | 5041592 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Remote Code Execution | 5041592 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Remote Code Execution | 5041585 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Remote Code Execution | 5041585 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Remote Code Execution | 5041585 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Remote Code Execution | 5041585 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.4169 | Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Remote Code Execution | | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Remote Code Execution | | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows Server 2019 | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5041160 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5041160 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Remote Code Execution | 5041573 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21416 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38045
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows TCP/IP Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to have a deep understanding of the system and the ability to manipulate its components to trigger a specific condition. Successful exploitation is not guaranteed and depends on a combination of factors that may include the environment, system configuration, and the presence of additional security measures.
How could an attacker exploit this vulnerability?
An attacker must send a specially crafted request to a Windows machine that has NetNAT service configured, which is a non-default configuration. In addition, specific network conditions must exist for exploitation to succeed.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38045 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Remote Code Execution | 5041580 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Remote Code Execution | 5041580 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Remote Code Execution | 5041580 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Remote Code Execution | 5041580 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Remote Code Execution | 5041580 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Remote Code Execution | 5041580 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Remote Code Execution | 5041592 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Remote Code Execution | 5041592 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Remote Code Execution | 5041585 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Remote Code Execution | 5041585 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Remote Code Execution | 5041585 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Remote Code Execution | 5041585 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.4169 | Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Remote Code Execution | | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Remote Code Execution | | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows Server 2019 | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5041160 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5041160 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Remote Code Execution | 5041573 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38045 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38119
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to first gain access to the restricted network before running an attack.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38119 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Critical | Remote Code Execution | 5041782 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Critical | Remote Code Execution | 5041782 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Critical | Remote Code Execution | 5041773 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Critical | Remote Code Execution | 5041773 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Critical | Remote Code Execution | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Critical | Remote Code Execution | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Critical | Remote Code Execution | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Critical | Remote Code Execution | 5041580 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Critical | Remote Code Execution | 5041580 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Critical | Remote Code Execution | 5041580 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Critical | Remote Code Execution | 5041580 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Critical | Remote Code Execution | 5041580 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Critical | Remote Code Execution | 5041580 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Critical | Remote Code Execution | 5041592 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Critical | Remote Code Execution | 5041592 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Critical | Remote Code Execution | 5041585 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Critical | Remote Code Execution | 5041585 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Critical | Remote Code Execution | 5041585 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Critical | Remote Code Execution | 5041585 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.4169 | Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Critical | Remote Code Execution | | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Critical | Remote Code Execution | | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows Server 2016 | 5043051 (Security Update) | Critical | Remote Code Execution | 5041773 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Critical | Remote Code Execution | 5041773 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Critical | Remote Code Execution | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Critical | Remote Code Execution | 5041578 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5041160 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5041160 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Critical | Remote Code Execution | 5041573 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38119 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43454
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None
FAQ:
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L) and a total loss of Integrity (I:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability enables an attacker to perform arbitrary file deletion (I:H). That file deletion might result in partial loss of component availability (A:L).
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43454 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Remote Code Execution | 5041850 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Remote Code Execution | 5041850 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Remote Code Execution | 5041850 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Remote Code Execution | 5041850 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Remote Code Execution | 5041838 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Remote Code Execution | 5041838 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Remote Code Execution | 5041851 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Remote Code Execution | 5041851 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Remote Code Execution | 5041828 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Remote Code Execution | 5041828 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Remote Code Execution | 5041773 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Remote Code Execution | 5041773 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Remote Code Execution | 5041578 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5041160 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5041160 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Remote Code Execution | 5041573 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43454 | Chunyang Han Zhiniang Peng Lewis Lee |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43455
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Licensing Service Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
To successfully exploit this vulnerability an attacker must send specially crafted requests to the Terminal Server Licensing Service, which must be running and accessible over the network.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43455 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Spoofing | 5041850 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Spoofing | 5041850 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Spoofing | 5041850 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) | Important | Spoofing | 5041850 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22870 | Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Spoofing | 5041838 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) | Important | Spoofing | 5041838 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27320 | Yes | None |
Windows Server 2012 | 5043125 (Monthly Rollup) | Important | Spoofing | 5041851 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Spoofing | 5041851 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Important | Spoofing | 5041828 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Spoofing | 5041828 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Spoofing | 5041773 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Spoofing | 5041773 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Spoofing | 5041578 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Spoofing | 5041578 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Spoofing | 5041160 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) | Important | Spoofing | 5041160 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2700 10.0.20348.2695 | Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Spoofing | 5041573 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43455 | Chunyang Han Zhiniang Peng Lewis Lee |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43457
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Setup and Deployment Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43457 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Elevation of Privilege | | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.1742 | Yes | 5043080 |
CVE ID | Acknowledgements |
CVE-2024-43457 | Will Dormann with Vul Labs |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43458
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Networking Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.7/TemporalScore:6.7
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43458 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Information Disclosure | 5041773 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 | 5043051 (Security Update) | Important | Information Disclosure | 5041773 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Information Disclosure | 5041773 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
CVE ID | Acknowledgements |
CVE-2024-43458 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43461
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows MSHTML Platform Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?
The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.
The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?
While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.
To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0 10-Sep-24 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43461 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Spoofing | 5041782 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Spoofing | 5041782 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20766 | Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Spoofing | 5041773 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Spoofing | 5041773 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7336 | Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Spoofing | 5041578 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Spoofing | 5041578 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Spoofing | 5041578 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Spoofing | 5041580 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Spoofing | 5041580 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Spoofing | 5041580 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Spoofing | 5041580 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Spoofing | 5041580 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19041.4894 | Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Spoofing | 5041580 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4894 | Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Spoofing | 5041592 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Spoofing | 5041592 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3197 | Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Spoofing | 5041585 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.4169 | Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Spoofing | 5041585 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Spoofing | 5041585 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Spoofing | 5041585 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Spoofing | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Spoofing | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Spoofing | 5041850 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Spoofing | 5041850 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Spoofing | 5041850 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Spoofing | 5041850 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043092 (Security Only) 5043049 (IE Cumulative) |
Important | Spoofing | 5041770 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 1.001 |
Yes Maybe |
None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043092 (Security Only) 5043049 (IE Cumulative) |
Important | Spoofing | 5041770 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 1.001 |
Yes Maybe |
None |
Windows Server 2012 | 5043125 (Monthly Rollup) 5043049 (IE Cumulative) |
Important | Spoofing | 5041851 5041770 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 1.001 |
Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Spoofing | 5041851 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) 5043049 (IE Cumulative) |
Important | Spoofing | 5041828 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 1.001 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Spoofing | 5041828 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Spoofing | 5041773 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Spoofing | 5041773 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Spoofing | 5041578 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Spoofing | 5041578 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Spoofing | 5041160 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Spoofing | 5041160 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Spoofing | 5041573 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43461 | Michael Macelletti, Naiyi Jiang and Adel with Microsoft; Peter Girnus (@gothburz) of Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43466
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43466 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002624 (Security Update) | Important | Denial of Service | 5002618 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
16.0.5465.1001 |
Maybe | 5002624 |
Microsoft SharePoint Server 2019 | 5002639 (Security Update) | Important | Denial of Service | 5002615 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
16.0.10414.20002 |
Maybe | 5002639 |
Microsoft SharePoint Server Subscription Edition | 5002640 (Security Update) | Important | Denial of Service | 5002606 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
16.0.17928.20086 |
Maybe | 5002640 |
CVE ID | Acknowledgements |
CVE-2024-43466 | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43469
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure CycleCloud Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker with basic user permissions can send specially crafted requests to modify the configuration of an Azure CycleCloud cluster to gain Root level permissions enabling them to execute commands on any Azure CycleCloud cluster in the current instance and in some scenarios, compromise administrator credentials. Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43469 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure CycleCloud 8.0.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.0.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.0.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.1.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.1.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.2.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.2.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.2.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.3.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.4.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.4.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.4.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.5.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.6.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.6.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.6.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
Azure CycleCloud 8.6.3 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.4 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-43469 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43470
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: Is there any action I need to take to be protected from this vulnerability? If you have enabled automatic updates, you will automatically receive the update as soon as it is available. If you have not enabled automatic updates, you will need to update the product manually. Please see Update Network Watcher extension to the latest version - Azure Virtual Machines | Microsoft Learn for more information. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires an admin user to stop or restart the service. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43470 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Network Watcher VM Extension for Windows | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-43470 | R4nger & Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43475
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Windows Admin Center Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must have permissions to access the target domain environment to be able to exploit this vulnerability. What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43475 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Information Disclosure | 5041850 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Information Disclosure | 5041850 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Information Disclosure | 5041850 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Information Disclosure | 5041850 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
CVE ID | Acknowledgements |
CVE-2024-43475 | Fangming Gu Qinghe Xie |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43476
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to navigate to a page with malicious content to be compromised by the attacker. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43476 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Dynamics 365 (on-premises) version 9.1 | 5043254 (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
9.1.32 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-43476 | batram |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43479
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Power Automate Desktop Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.5/TemporalScore:7.4
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability? The attacker can execute arbitrary Desktop Flows scripts in the target user session by registering the machine to their own malicious Entra tenant, extracting the user's Sid, and creating a malicious AD domain with the same Sid. This allows them to mint valid Entra ID tokens that the attacked machine will trust to run desktop automation in the session of the user with the matching Sid. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An attacker who successfully exploited this vulnerability could remotely execute arbitrary Desktop Flows script in an active open Windows session of the target user. How do I get the updated app? See Troubleshoot desktop flow action failures for update information. How can I check if the update is installed? Refer to the following table for the fixed build version that addresses this vulnerability.
Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43479 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Power Automate for Desktop | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.5 Temporal: 7.4 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.47.119.24249 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-43479 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30073
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Security Zone Mapping Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year. What kind of security feature could be bypassed by successfully exploiting this vulnerability? A URL path could be constructed by an attacker in such a way that the URL’s Zone is interpreted as belonging to a more privileged zone. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0    10-Sep-24     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30073 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Important | Security Feature Bypass | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Important | Security Feature Bypass | 5041782 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Important | Security Feature Bypass | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Important | Security Feature Bypass | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Important | Security Feature Bypass | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Important | Security Feature Bypass | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Important | Security Feature Bypass | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Important | Security Feature Bypass | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Security Feature Bypass | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Important | Security Feature Bypass | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Important | Security Feature Bypass | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Important | Security Feature Bypass | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Important | Security Feature Bypass | 5041580 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 11 version 21H2 for ARM64-based Systems | 5043067 (Security Update) | Important | Security Feature Bypass | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 version 21H2 for x64-based Systems | 5043067 (Security Update) | Important | Security Feature Bypass | 5041592 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3197 |
Yes | 5043067 |
Windows 11 Version 22H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Security Feature Bypass | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 22H2 for x64-based Systems | 5043076 (Security Update) | Important | Security Feature Bypass | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for ARM64-based Systems | 5043076 (Security Update) | Important | Security Feature Bypass | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4169 |
Yes | 5043076 |
Windows 11 Version 23H2 for x64-based Systems | 5043076 (Security Update) | Important | Security Feature Bypass | 5041585 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4169 |
Yes | 5043076 |
Windows 11 Version 24H2 for ARM64-based Systems | 5043080 (Security Update) | Important | Security Feature Bypass | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows 11 Version 24H2 for x64-based Systems | 5043080 (Security Update) | Important | Security Feature Bypass | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.1742 |
Yes | 5043080 | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) 5043049 (IE Cumulative) |
Important | Security Feature Bypass | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 1.001 |
Yes Maybe |
5043135 5043087 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Security Feature Bypass | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5043135 (Monthly Rollup) 5043087 (Security Only) 5043049 (IE Cumulative) |
Important | Security Feature Bypass | 5041850 5041770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 1.001 |
Yes | 5043135 5043087 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5043135 (Monthly Rollup) 5043087 (Security Only) |
Important | Security Feature Bypass | 5041850 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22870 |
Yes | 5043135 5043087 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5043129 (Monthly Rollup) 5043092 (Security Only) 5043049 (IE Cumulative) |
Important | Security Feature Bypass | 5041838 5041770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 1.001 |
Yes Maybe |
None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5043129 (Monthly Rollup) 5043092 (Security Only) 5043049 (IE Cumulative) |
Important | Security Feature Bypass | 5041838 5041770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27320 1.001 |
Yes Maybe |
None |
Windows Server 2012 | 5043049 (IE Cumulative) 5043125 (Monthly Rollup) |
Important | Security Feature Bypass | 5041770 5041851 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.2.9200.25073 |
Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Important | Security Feature Bypass | 5041851 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) 5043049 (IE Cumulative) |
Important | Security Feature Bypass | 5041828 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 1.001 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Important | Security Feature Bypass | 5041828 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Important | Security Feature Bypass | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Important | Security Feature Bypass | 5041773 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Important | Security Feature Bypass | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Important | Security Feature Bypass | 5041578 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2022 | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Security Feature Bypass | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022 (Server Core installation) | 5042881 (Security Update) 5042880 (SecurityHotpatchUpdate) |
Important | Security Feature Bypass | 5041160 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2700 10.0.20348.2695 |
Yes | 5042881 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5043055 (Security Update) | Important | Security Feature Bypass | 5041573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1128 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30073 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43487
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.0
Executive Summary: None
FAQ:
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker must send the user a malicious file and convince them to open it.
Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. |
Moderate | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43487 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Moderate | Security Feature Bypass | 5041782 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Moderate | Security Feature Bypass | 5041782 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 Version 1607 for 32-bit Systems | 5043051 (Security Update) | Moderate | Security Feature Bypass | 5041773 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1607 for x64-based Systems | 5043051 (Security Update) | Moderate | Security Feature Bypass | 5041773 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows 10 Version 1809 for 32-bit Systems | 5043050 (Security Update) | Moderate | Security Feature Bypass | 5041578 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5043050 (Security Update) | Moderate | Security Feature Bypass | 5041578 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5043050 (Security Update) | Moderate | Security Feature Bypass | 5041578 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5043064 (Security Update) | Moderate | Security Feature Bypass | 5041580 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for ARM64-based Systems | 5043064 (Security Update) | Moderate | Security Feature Bypass | 5041580 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 21H2 for x64-based Systems | 5043064 (Security Update) | Moderate | Security Feature Bypass | 5041580 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.19044.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for 32-bit Systems | 5043064 (Security Update) | Moderate | Security Feature Bypass | 5041580 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for ARM64-based Systems | 5043064 (Security Update) | Moderate | Security Feature Bypass | 5041580 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.19041.4894 |
Yes | 5043064 |
Windows 10 Version 22H2 for x64-based Systems | 5043064 (Security Update) | Moderate | Security Feature Bypass | 5041580 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.19045.4894 |
Yes | 5043064 |
Windows Server 2012 | 5043125 (Monthly Rollup) | Moderate | Security Feature Bypass | 5041851 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 (Server Core installation) | 5043125 (Monthly Rollup) | Moderate | Security Feature Bypass | 5041851 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
6.2.9200.25073 | Yes | None |
Windows Server 2012 R2 | 5043138 (Monthly Rollup) | Moderate | Security Feature Bypass | 5041828 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5043138 (Monthly Rollup) | Moderate | Security Feature Bypass | 5041828 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
6.3.9600.22175 | Yes | None |
Windows Server 2016 | 5043051 (Security Update) | Moderate | Security Feature Bypass | 5041773 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2016 (Server Core installation) | 5043051 (Security Update) | Moderate | Security Feature Bypass | 5041773 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.14393.7336 |
Yes | 5043051 |
Windows Server 2019 | 5043050 (Security Update) | Moderate | Security Feature Bypass | 5041578 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
Windows Server 2019 (Server Core installation) | 5043050 (Security Update) | Moderate | Security Feature Bypass | 5041578 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C |
10.0.17763.6293 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43487 | Mandar Sadye with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43491
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Windows Update Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.
This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order.
Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.
FAQ:
How do I restore the fixes that this Windows Servicing Stack vulnerability rolled back?
Customers need to install both the servicing stack update (KB5043936) AND security update (KB5043083), released on September 10, 2024, to be fully protected from the vulnerabilities that this CVE rolled back. For more information see KB5043083. Customers whose systems are configured to receive automatic updates do not need to take any further action.
This CVE is marked as Exploitation Detected. Has Microsoft seen this vulnerability exploited in the wild?
This CVE documents the rollback of fixes that addressed vulnerabilities which affected some Optional Components for Windows 10 (version 1507). Some of these CVEs were known to be exploited, but no exploitation of CVE-2024-43491 itself has been detected. In addition, the Windows product team at Microsoft discovered this issue, and we have seen no evidence that it is publicly known.
Are there any actions I can take to prevent the rollback of previously fixed CVEs that this vulnerability caused?
No. If you have installed any of the previous security updates released between March and August 2024, the rollbacks of the fixes for CVEs affecting Optional Components have already occurred. To restore these fixes customers need to install the September 2024 Servicing Stack Update and Security Update for Windows 10. For more information see KB5043083.
Why were previously fixed CVEs rolled back?
Starting with the Windows security update released March 12, 2024 - KB5035858 (OS Build 10240.20526), the build version numbers crossed into a range that triggered a code defect in the Windows 10 (version 1507) servicing stack that handles the applicability of Optional Components. As a result, any Optional Component that was serviced with updates released since March 12, 2024 (KB5035858) was detected as "not applicable" by the servicing stack and was reverted to its RTM version.
Are all installations of Windows vulnerable?
No. Only Windows 10 (version 1507) (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) with Optional Components enabled from the following list are vulnerable. All other versions of Windows 10 released since November 2015 are not affected.
Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2024-43491 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5043083 (Security Update) | Critical | Remote Code Execution | 5041782 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
Windows 10 for x64-based Systems | 5043083 (Security Update) | Critical | Remote Code Execution | 5041782 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20766 |
Yes | 5043083 |
CVE ID | Acknowledgements |
CVE-2024-43491 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43495
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows libarchive Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?
An authenticated attacker with guest privileges must send the victim a malicious RAR file and convince them to open it.
Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. This CVE was addressed by updates that were released in July 2024, but the CVE was inadvertently omitted from the July 2024 Security Updates. This is an informational change only. Customers who have already installed the July 2024 updates do not need to take any further action. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43495 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Remote Code Execution | 5039236 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 |
Yes | 5040438 |
CVE ID | Acknowledgements |
CVE-2024-43495 | wh1tc & Zhiniang Peng HAO LI with Venustech ADLab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38194
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Web Apps Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.4/TemporalScore:7.3
Executive Summary: An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.
FAQ:
Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?
This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.
Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38194 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Web Apps | Critical | Elevation of Privilege | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C |
Unknown | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-38194 | Shimi Gersner with Azure Networking Security Research (ANSR), Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37980
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor to determine whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    10-Sep-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37980 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5042207 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6445.1 | Maybe | None |
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5042209 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7040.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5042215 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3475.1 | Maybe | None |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5042217 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2060.1 | Maybe | None |
Microsoft SQL Server 2019 for x64-based Systems (CU 28) | 5042749 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4390.2 | Yes | None |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5042214 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2120.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 14) | 5042578 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.4140.3 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5042211 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.1125.1 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-37980 | Anonymous |