Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

CVE Issued by Tag CVE ID CVE Title
MicrosoftAzure CycleCloud CVE-2024-43469 Azure CycleCloud Remote Code Execution Vulnerability
MicrosoftAzure Network Watcher CVE-2024-38188 Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
MicrosoftAzure Network Watcher CVE-2024-43470 Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
MicrosoftAzure Stack CVE-2024-38216 Azure Stack Hub Elevation of Privilege Vulnerability
MicrosoftAzure Stack CVE-2024-38220 Azure Stack Hub Elevation of Privilege Vulnerability
MicrosoftAzure Web Apps CVE-2024-38194 Azure Web Apps Elevation of Privilege Vulnerability
MicrosoftDynamics Business Central CVE-2024-38225 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
MicrosoftMicrosoft AutoUpdate (MAU) CVE-2024-43492 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
MicrosoftMicrosoft Dynamics 365 (on-premises) CVE-2024-43476 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
MicrosoftMicrosoft Graphics Component CVE-2024-38247 Windows Graphics Component Elevation of Privilege Vulnerability
MicrosoftMicrosoft Graphics Component CVE-2024-38250 Windows Graphics Component Elevation of Privilege Vulnerability
MicrosoftMicrosoft Graphics Component CVE-2024-38249 Windows Graphics Component Elevation of Privilege Vulnerability
MicrosoftMicrosoft Management Console CVE-2024-38259 Microsoft Management Console Remote Code Execution Vulnerability
MicrosoftMicrosoft Office Excel CVE-2024-43465 Microsoft Excel Elevation of Privilege Vulnerability
MicrosoftMicrosoft Office Publisher CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability
MicrosoftMicrosoft Office SharePoint CVE-2024-38227 Microsoft SharePoint Server Remote Code Execution Vulnerability
MicrosoftMicrosoft Office SharePoint CVE-2024-43464 Microsoft SharePoint Server Remote Code Execution Vulnerability
MicrosoftMicrosoft Office SharePoint CVE-2024-38018 Microsoft SharePoint Server Remote Code Execution Vulnerability
MicrosoftMicrosoft Office SharePoint CVE-2024-38228 Microsoft SharePoint Server Remote Code Execution Vulnerability
MicrosoftMicrosoft Office SharePoint CVE-2024-43466 Microsoft SharePoint Server Denial of Service Vulnerability
MicrosoftMicrosoft Office Visio CVE-2024-43463 Microsoft Office Visio Remote Code Execution Vulnerability
MicrosoftMicrosoft Outlook for iOS CVE-2024-43482 Microsoft Outlook for iOS Information Disclosure Vulnerability
MicrosoftMicrosoft Streaming Service CVE-2024-38245 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
MicrosoftMicrosoft Streaming Service CVE-2024-38241 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
MicrosoftMicrosoft Streaming Service CVE-2024-38242 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
MicrosoftMicrosoft Streaming Service CVE-2024-38244 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
MicrosoftMicrosoft Streaming Service CVE-2024-38243 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
MicrosoftMicrosoft Streaming Service CVE-2024-38237 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
MicrosoftMicrosoft Streaming Service CVE-2024-38238 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
MicrosoftPower Automate CVE-2024-43479 Microsoft Power Automate Desktop Remote Code Execution Vulnerability
MicrosoftRole: Windows Hyper-V CVE-2024-38235 Windows Hyper-V Denial of Service Vulnerability
MicrosoftSQL Server CVE-2024-37338 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
MicrosoftSQL Server CVE-2024-37980 Microsoft SQL Server Elevation of Privilege Vulnerability
MicrosoftSQL Server CVE-2024-26191 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
MicrosoftSQL Server CVE-2024-37339 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
MicrosoftSQL Server CVE-2024-37337 Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
MicrosoftSQL Server CVE-2024-26186 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
MicrosoftSQL Server CVE-2024-37342 Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
MicrosoftSQL Server CVE-2024-43474 Microsoft SQL Server Information Disclosure Vulnerability
MicrosoftSQL Server CVE-2024-37335 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
MicrosoftSQL Server CVE-2024-37966 Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
MicrosoftSQL Server CVE-2024-37340 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
MicrosoftSQL Server CVE-2024-37965 Microsoft SQL Server Elevation of Privilege Vulnerability
MicrosoftSQL Server CVE-2024-37341 Microsoft SQL Server Elevation of Privilege Vulnerability
MicrosoftWindows Admin Center CVE-2024-43475 Microsoft Windows Admin Center Information Disclosure Vulnerability
MicrosoftWindows AllJoyn API CVE-2024-38257 Microsoft AllJoyn API Information Disclosure Vulnerability
MicrosoftWindows Authentication Methods CVE-2024-38254 Windows Authentication Information Disclosure Vulnerability
MicrosoftWindows DHCP Server CVE-2024-38236 DHCP Server Service Denial of Service Vulnerability
MicrosoftWindows Installer CVE-2024-38014 Windows Installer Elevation of Privilege Vulnerability
MicrosoftWindows Kerberos CVE-2024-38239 Windows Kerberos Elevation of Privilege Vulnerability
MicrosoftWindows Kernel-Mode Drivers CVE-2024-38256 Windows Kernel-Mode Driver Information Disclosure Vulnerability
MicrosoftWindows Libarchive CVE-2024-43495 Windows libarchive Remote Code Execution Vulnerability
MicrosoftWindows Mark of the Web (MOTW) CVE-2024-38217 Windows Mark of the Web Security Feature Bypass Vulnerability
MicrosoftWindows Mark of the Web (MOTW) CVE-2024-43487 Windows Mark of the Web Security Feature Bypass Vulnerability
MicrosoftWindows MSHTML Platform CVE-2024-43461 Windows MSHTML Platform Spoofing Vulnerability
MicrosoftWindows Network Address Translation (NAT) CVE-2024-38119 Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
MicrosoftWindows Network Virtualization CVE-2024-38232 Windows Networking Denial of Service Vulnerability
MicrosoftWindows Network Virtualization CVE-2024-38233 Windows Networking Denial of Service Vulnerability
MicrosoftWindows Network Virtualization CVE-2024-38234 Windows Networking Denial of Service Vulnerability
MicrosoftWindows Network Virtualization CVE-2024-43458 Windows Networking Information Disclosure Vulnerability
MicrosoftWindows PowerShell CVE-2024-38046 PowerShell Elevation of Privilege Vulnerability
MicrosoftWindows Remote Access Connection Manager CVE-2024-38240 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
MicrosoftWindows Remote Desktop Licensing Service CVE-2024-38231 Windows Remote Desktop Licensing Service Denial of Service Vulnerability
MicrosoftWindows Remote Desktop Licensing Service CVE-2024-38258 Windows Remote Desktop Licensing Service Information Disclosure Vulnerability
MicrosoftWindows Remote Desktop Licensing Service CVE-2024-43467 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
MicrosoftWindows Remote Desktop Licensing Service CVE-2024-43454 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
MicrosoftWindows Remote Desktop Licensing Service CVE-2024-38263 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
MicrosoftWindows Remote Desktop Licensing Service CVE-2024-38260 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
MicrosoftWindows Remote Desktop Licensing Service CVE-2024-43455 Windows Remote Desktop Licensing Service Spoofing Vulnerability
MicrosoftWindows Security Zone Mapping CVE-2024-30073 Windows Security Zone Mapping Security Feature Bypass Vulnerability
MicrosoftWindows Setup and Deployment CVE-2024-43457 Windows Setup and Deployment Elevation of Privilege Vulnerability
MicrosoftWindows Standards-Based Storage Management Service CVE-2024-38230 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
MicrosoftWindows Storage CVE-2024-38248 Windows Storage Elevation of Privilege Vulnerability
MicrosoftWindows TCP/IP CVE-2024-21416 Windows TCP/IP Remote Code Execution Vulnerability
MicrosoftWindows TCP/IP CVE-2024-38045 Windows TCP/IP Remote Code Execution Vulnerability
MicrosoftWindows Update CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability
MicrosoftWindows Win32K - GRFX CVE-2024-38246 Win32k Elevation of Privilege Vulnerability
MicrosoftWindows Win32K - ICOMP CVE-2024-38252 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
MicrosoftWindows Win32K - ICOMP CVE-2024-38253 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

CVE-2024-37338 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-37338
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.


I am running SQL Server on my system. What action do I need to take?

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?

Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?

Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update Number Title Apply if current product version is… This security update also includes servicing releases up through…
5042578 Security update for SQL Server 2022 CU14+GDR 16.0.4003.1 - 16.0.4135.4 KB 5038325 - SQL2022 RTM CU14
5042211 Security update for SQL Server 2022 RTM+GDR 16.0.1000.6 - 16.0.1121.4 KB 5040936 - Previous SQL2022 RTM GDR
5042749 Security update for SQL Server 2019 CU28+GDR 15.0.4003.23 - 15.0.4385.2 KB 5039747 - SQL2019 RTM CU28
5042214 Security update for SQL Server 2019 RTM+GDR 15.0.2000.5 - 15.0.2116.2 KB 5040986 - Previous SQL2019 RTM GDR
5042215 Security update for SQL Server 2017 CU31+GDR 14.0.3006.16 - 14.0.3471.2 KB 5040940 - SQL2017 RTM CU31
5042217 Security update for SQL Server 2017 RTM+GDR 14.0.1000.169 - 14.0.2056.2 KB 5040942 - Previous SQL2017 RTM GDR
5042209 Security update for SQL 2016 Azure Connect Feature Pack 13.0.7000.253 - 13.0.7037.1 KB 5040944 - SQL2016 Azure Connect Feature Pack
5042207 Security update for SQL Server 2016 SP3 RTM+GDR 13.0.6300.2 - 13.0.6441.1 KB 5040946 - Previous SQL2016 RTM GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-37338
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SQL Server 2017 for x64-based Systems (CU 31) 5042215 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
14.0.3475.1 Maybe None
Microsoft SQL Server 2017 for x64-based Systems (GDR) 5042217 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
14.0.2060.1 Maybe None
Microsoft SQL Server 2019 for x64-based Systems (CU 28) 5042749 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
15.0.4390.2 Yes None
Microsoft SQL Server 2019 for x64-based Systems (GDR) 5042214 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
15.0.2120.1 Yes None
Microsoft SQL Server 2022 for x64-based Systems (CU 14) 5042578 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.4140.3 Yes None
Microsoft SQL Server 2022 for x64-based Systems (GDR) 5042211 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.1125.1 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-37338 Andrew Ruddick with Microsoft Security Response Center


CVE-2024-37966 - Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-37966
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityLow
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.


I am running SQL Server on my system. What action do I need to take?

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?

Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?

Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update Number Title Apply if current product version is… This security update also includes servicing releases up through…
5042578 Security update for SQL Server 2022 CU14+GDR 16.0.4003.1 - 16.0.4135.4 KB 5038325 - SQL2022 RTM CU14
5042211 Security update for SQL Server 2022 RTM+GDR 16.0.1000.6 - 16.0.1121.4 KB 5040936 - Previous SQL2022 RTM GDR
5042749 Security update for SQL Server 2019 CU28+GDR 15.0.4003.23 - 15.0.4385.2 KB 5039747 - SQL2019 RTM CU28
5042214 Security update for SQL Server 2019 RTM+GDR 15.0.2000.5 - 15.0.2116.2 KB 5040986 - Previous SQL2019 RTM GDR
5042215 Security update for SQL Server 2017 CU31+GDR 14.0.3006.16 - 14.0.3471.2 KB 5040940 - SQL2017 RTM CU31
5042217 Security update for SQL Server 2017 RTM+GDR 14.0.1000.169 - 14.0.2056.2 KB 5040942 - Previous SQL2017 RTM GDR
5042209 Security update for SQL 2016 Azure Connect Feature Pack 13.0.7000.253 - 13.0.7037.1 KB 5040944 - SQL2016 Azure Connect Feature Pack
5042207 Security update for SQL Server 2016 SP3 RTM+GDR 13.0.6300.2 - 13.0.6441.1 KB 5040946 - Previous SQL2016 RTM GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-37966
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SQL Server 2017 for x64-based Systems (CU 31) 5042215 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
14.0.3475.1 Maybe None
Microsoft SQL Server 2017 for x64-based Systems (GDR) 5042217 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
14.0.2060.1 Maybe None
Microsoft SQL Server 2019 for x64-based Systems (CU 28) 5042749 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
15.0.4390.2 Yes None
Microsoft SQL Server 2019 for x64-based Systems (GDR) 5042214 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
15.0.2120.1 Yes None
Microsoft SQL Server 2022 for x64-based Systems (CU 14) 5042578 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
16.0.4140.3 Yes None
Microsoft SQL Server 2022 for x64-based Systems (GDR) 5042211 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
16.0.1125.1 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-37966 Andrew Ruddick with Microsoft Security Response Center


CVE-2024-37335 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-37335
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.


I am running SQL Server on my system. What action do I need to take?

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?

Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?

Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update Number Title Apply if current product version is… This security update also includes servicing releases up through…
5042578 Security update for SQL Server 2022 CU14+GDR 16.0.4003.1 - 16.0.4135.4 KB 5038325 - SQL2022 RTM CU14
5042211 Security update for SQL Server 2022 RTM+GDR 16.0.1000.6 - 16.0.1121.4 KB 5040936 - Previous SQL2022 RTM GDR
5042749 Security update for SQL Server 2019 CU28+GDR 15.0.4003.23 - 15.0.4385.2 KB 5039747 - SQL2019 RTM CU28
5042214 Security update for SQL Server 2019 RTM+GDR 15.0.2000.5 - 15.0.2116.2 KB 5040986 - Previous SQL2019 RTM GDR
5042215 Security update for SQL Server 2017 CU31+GDR 14.0.3006.16 - 14.0.3471.2 KB 5040940 - SQL2017 RTM CU31
5042217 Security update for SQL Server 2017 RTM+GDR 14.0.1000.169 - 14.0.2056.2 KB 5040942 - Previous SQL2017 RTM GDR
5042209 Security update for SQL 2016 Azure Connect Feature Pack 13.0.7000.253 - 13.0.7037.1 KB 5040944 - SQL2016 Azure Connect Feature Pack
5042207 Security update for SQL Server 2016 SP3 RTM+GDR 13.0.6300.2 - 13.0.6441.1 KB 5040946 - Previous SQL2016 RTM GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-37335
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SQL Server 2017 for x64-based Systems (CU 31) 5042215 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
14.0.3475.1 Maybe None
Microsoft SQL Server 2017 for x64-based Systems (GDR) 5042217 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
14.0.2060.1 Maybe None
Microsoft SQL Server 2019 for x64-based Systems (CU 28) 5042749 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
15.0.4390.2 Yes None
Microsoft SQL Server 2019 for x64-based Systems (GDR) 5042214 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
15.0.2120.1 Yes None
Microsoft SQL Server 2022 for x64-based Systems (CU 14) 5042578 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.4140.3 Yes None
Microsoft SQL Server 2022 for x64-based Systems (GDR) 5042211 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.1125.1 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-37335 Andrew Ruddick with Microsoft Security Response Center


CVE-2024-37340 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-37340
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.


I am running SQL Server on my system. What action do I need to take?

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?

Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?

Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update Number Title Apply if current product version is… This security update also includes servicing releases up through…
5042578 Security update for SQL Server 2022 CU14+GDR 16.0.4003.1 - 16.0.4135.4 KB 5038325 - SQL2022 RTM CU14
5042211 Security update for SQL Server 2022 RTM+GDR 16.0.1000.6 - 16.0.1121.4 KB 5040936 - Previous SQL2022 RTM GDR
5042749 Security update for SQL Server 2019 CU28+GDR 15.0.4003.23 - 15.0.4385.2 KB 5039747 - SQL2019 RTM CU28
5042214 Security update for SQL Server 2019 RTM+GDR 15.0.2000.5 - 15.0.2116.2 KB 5040986 - Previous SQL2019 RTM GDR
5042215 Security update for SQL Server 2017 CU31+GDR 14.0.3006.16 - 14.0.3471.2 KB 5040940 - SQL2017 RTM CU31
5042217 Security update for SQL Server 2017 RTM+GDR 14.0.1000.169 - 14.0.2056.2 KB 5040942 - Previous SQL2017 RTM GDR
5042209 Security update for SQL 2016 Azure Connect Feature Pack 13.0.7000.253 - 13.0.7037.1 KB 5040944 - SQL2016 Azure Connect Feature Pack
5042207 Security update for SQL Server 2016 SP3 RTM+GDR 13.0.6300.2 - 13.0.6441.1 KB 5040946 - Previous SQL2016 RTM GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-37340
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SQL Server 2017 for x64-based Systems (CU 31) 5042215 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
14.0.3475.1 Maybe None
Microsoft SQL Server 2017 for x64-based Systems (GDR) 5042217 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
14.0.2060.1 Maybe None
Microsoft SQL Server 2019 for x64-based Systems (CU 28) 5042749 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
15.0.4390.2 Yes None
Microsoft SQL Server 2019 for x64-based Systems (GDR) 5042214 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
15.0.2120.1 Yes None
Microsoft SQL Server 2022 for x64-based Systems (CU 14) 5042578 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.4140.3 Yes None
Microsoft SQL Server 2022 for x64-based Systems (GDR) 5042211 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.1125.1 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-37340 Andrew Ruddick with Microsoft Security Response Center


CVE-2024-37339 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-37339
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.


I am running SQL Server on my system. What action do I need to take?

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?

Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?

Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update Number Title Apply if current product version is… This security update also includes servicing releases up through…
5042578 Security update for SQL Server 2022 CU14+GDR 16.0.4003.1 - 16.0.4135.4 KB 5038325 - SQL2022 RTM CU14
5042211 Security update for SQL Server 2022 RTM+GDR 16.0.1000.6 - 16.0.1121.4 KB 5040936 - Previous SQL2022 RTM GDR
5042749 Security update for SQL Server 2019 CU28+GDR 15.0.4003.23 - 15.0.4385.2 KB 5039747 - SQL2019 RTM CU28
5042214 Security update for SQL Server 2019 RTM+GDR 15.0.2000.5 - 15.0.2116.2 KB 5040986 - Previous SQL2019 RTM GDR
5042215 Security update for SQL Server 2017 CU31+GDR 14.0.3006.16 - 14.0.3471.2 KB 5040940 - SQL2017 RTM CU31
5042217 Security update for SQL Server 2017 RTM+GDR 14.0.1000.169 - 14.0.2056.2 KB 5040942 - Previous SQL2017 RTM GDR
5042209 Security update for SQL 2016 Azure Connect Feature Pack 13.0.7000.253 - 13.0.7037.1 KB 5040944 - SQL2016 Azure Connect Feature Pack
5042207 Security update for SQL Server 2016 SP3 RTM+GDR 13.0.6300.2 - 13.0.6441.1 KB 5040946 - Previous SQL2016 RTM GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-37339
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SQL Server 2017 for x64-based Systems (CU 31) 5042215 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
14.0.3475.1 Maybe None
Microsoft SQL Server 2017 for x64-based Systems (GDR) 5042217 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
14.0.2060.1 Maybe None
Microsoft SQL Server 2019 for x64-based Systems (CU 28) 5042749 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
15.0.4390.2 Yes None
Microsoft SQL Server 2019 for x64-based Systems (GDR) 5042214 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
15.0.2120.1 Yes None
Microsoft SQL Server 2022 for x64-based Systems (CU 14) 5042578 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.4140.3 Yes None
Microsoft SQL Server 2022 for x64-based Systems (GDR) 5042211 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.1125.1 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-37339 Andrew Ruddick with Microsoft Security Response Center


CVE-2024-37337 - Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-37337
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityLow
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.


I am running SQL Server on my system. What action do I need to take?

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?

Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?

Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update Number Title Apply if current product version is… This security update also includes servicing releases up through…
5042578 Security update for SQL Server 2022 CU14+GDR 16.0.4003.1 - 16.0.4135.4 KB 5038325 - SQL2022 RTM CU14
5042211 Security update for SQL Server 2022 RTM+GDR 16.0.1000.6 - 16.0.1121.4 KB 5040936 - Previous SQL2022 RTM GDR
5042749 Security update for SQL Server 2019 CU28+GDR 15.0.4003.23 - 15.0.4385.2 KB 5039747 - SQL2019 RTM CU28
5042214 Security update for SQL Server 2019 RTM+GDR 15.0.2000.5 - 15.0.2116.2 KB 5040986 - Previous SQL2019 RTM GDR
5042215 Security update for SQL Server 2017 CU31+GDR 14.0.3006.16 - 14.0.3471.2 KB 5040940 - SQL2017 RTM CU31
5042217 Security update for SQL Server 2017 RTM+GDR 14.0.1000.169 - 14.0.2056.2 KB 5040942 - Previous SQL2017 RTM GDR
5042209 Security update for SQL 2016 Azure Connect Feature Pack 13.0.7000.253 - 13.0.7037.1 KB 5040944 - SQL2016 Azure Connect Feature Pack
5042207 Security update for SQL Server 2016 SP3 RTM+GDR 13.0.6300.2 - 13.0.6441.1 KB 5040946 - Previous SQL2016 RTM GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-37337
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SQL Server 2017 for x64-based Systems (CU 31) 5042215 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
14.0.3475.1 Maybe None
Microsoft SQL Server 2017 for x64-based Systems (GDR) 5042217 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
14.0.2060.1 Maybe None
Microsoft SQL Server 2019 for x64-based Systems (CU 28) 5042749 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
15.0.4390.2 Yes None
Microsoft SQL Server 2019 for x64-based Systems (GDR) 5042214 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
15.0.2120.1 Yes None
Microsoft SQL Server 2022 for x64-based Systems (CU 14) 5042578 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
16.0.4140.3 Yes None
Microsoft SQL Server 2022 for x64-based Systems (GDR) 5042211 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
16.0.1125.1 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-37337 Andrew Ruddick with Microsoft Security Response Center


CVE-2024-37342 - Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-37342
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityLow
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.


I am running SQL Server on my system. What action do I need to take?

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?

Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?

Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update Number Title Apply if current product version is… This security update also includes servicing releases up through…
5042578 Security update for SQL Server 2022 CU14+GDR 16.0.4003.1 - 16.0.4135.4 KB 5038325 - SQL2022 RTM CU14
5042211 Security update for SQL Server 2022 RTM+GDR 16.0.1000.6 - 16.0.1121.4 KB 5040936 - Previous SQL2022 RTM GDR
5042749 Security update for SQL Server 2019 CU28+GDR 15.0.4003.23 - 15.0.4385.2 KB 5039747 - SQL2019 RTM CU28
5042214 Security update for SQL Server 2019 RTM+GDR 15.0.2000.5 - 15.0.2116.2 KB 5040986 - Previous SQL2019 RTM GDR
5042215 Security update for SQL Server 2017 CU31+GDR 14.0.3006.16 - 14.0.3471.2 KB 5040940 - SQL2017 RTM CU31
5042217 Security update for SQL Server 2017 RTM+GDR 14.0.1000.169 - 14.0.2056.2 KB 5040942 - Previous SQL2017 RTM GDR
5042209 Security update for SQL 2016 Azure Connect Feature Pack 13.0.7000.253 - 13.0.7037.1 KB 5040944 - SQL2016 Azure Connect Feature Pack
5042207 Security update for SQL Server 2016 SP3 RTM+GDR 13.0.6300.2 - 13.0.6441.1 KB 5040946 - Previous SQL2016 RTM GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-37342
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SQL Server 2017 for x64-based Systems (CU 31) 5042215 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
14.0.3475.1 Maybe None
Microsoft SQL Server 2017 for x64-based Systems (GDR) 5042217 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
14.0.2060.1 Maybe None
Microsoft SQL Server 2019 for x64-based Systems (CU 28) 5042749 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
15.0.4390.2 Yes None
Microsoft SQL Server 2019 for x64-based Systems (GDR) 5042214 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
15.0.2120.1 Yes None
Microsoft SQL Server 2022 for x64-based Systems (CU 14) 5042578 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
16.0.4140.3 Yes None
Microsoft SQL Server 2022 for x64-based Systems (GDR) 5042211 (Security Update) Important Information Disclosure None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
16.0.1125.1 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-37342 Andrew Ruddick with Microsoft Security Response Center


CVE-2024-26186 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26186
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.


I am running SQL Server on my system. What action do I need to take?

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?

Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?

Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update Number Title Apply if current product version is… This security update also includes servicing releases up through…
5042578 Security update for SQL Server 2022 CU14+GDR 16.0.4003.1 - 16.0.4135.4 KB 5038325 - SQL2022 RTM CU14
5042211 Security update for SQL Server 2022 RTM+GDR 16.0.1000.6 - 16.0.1121.4 KB 5040936 - Previous SQL2022 RTM GDR
5042749 Security update for SQL Server 2019 CU28+GDR 15.0.4003.23 - 15.0.4385.2 KB 5039747 - SQL2019 RTM CU28
5042214 Security update for SQL Server 2019 RTM+GDR 15.0.2000.5 - 15.0.2116.2 KB 5040986 - Previous SQL2019 RTM GDR
5042215 Security update for SQL Server 2017 CU31+GDR 14.0.3006.16 - 14.0.3471.2 KB 5040940 - SQL2017 RTM CU31
5042217 Security update for SQL Server 2017 RTM+GDR 14.0.1000.169 - 14.0.2056.2 KB 5040942 - Previous SQL2017 RTM GDR
5042209 Security update for SQL 2016 Azure Connect Feature Pack 13.0.7000.253 - 13.0.7037.1 KB 5040944 - SQL2016 Azure Connect Feature Pack
5042207 Security update for SQL Server 2016 SP3 RTM+GDR 13.0.6300.2 - 13.0.6441.1 KB 5040946 - Previous SQL2016 RTM GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26186
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SQL Server 2017 for x64-based Systems (CU 31) 5042215 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
14.0.3475.1 Maybe None
Microsoft SQL Server 2017 for x64-based Systems (GDR) 5042217 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
14.0.2060.1 Maybe None
Microsoft SQL Server 2019 for x64-based Systems (CU 28) 5042749 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
15.0.4390.2 Yes None
Microsoft SQL Server 2019 for x64-based Systems (GDR) 5042214 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
15.0.2120.1 Yes None
Microsoft SQL Server 2022 for x64-based Systems (CU 14) 5042578 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.4140.3 Yes None
Microsoft SQL Server 2022 for x64-based Systems (GDR) 5042211 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.1125.1 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26186 Andrew Ruddick with Microsoft Security Response Center


CVE-2024-26191 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26191
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.


I am running SQL Server on my system. What action do I need to take?

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

I am running my own application on my system. What action do I need to take?

Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.

I am running an application from a software vendor on my system. What action do I need to take?

Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update Number Title Apply if current product version is… This security update also includes servicing releases up through…
5042578 Security update for SQL Server 2022 CU14+GDR 16.0.4003.1 - 16.0.4135.4 KB 5038325 - SQL2022 RTM CU14
5042211 Security update for SQL Server 2022 RTM+GDR 16.0.1000.6 - 16.0.1121.4 KB 5040936 - Previous SQL2022 RTM GDR
5042749 Security update for SQL Server 2019 CU28+GDR 15.0.4003.23 - 15.0.4385.2 KB 5039747 - SQL2019 RTM CU28
5042214 Security update for SQL Server 2019 RTM+GDR 15.0.2000.5 - 15.0.2116.2 KB 5040986 - Previous SQL2019 RTM GDR
5042215 Security update for SQL Server 2017 CU31+GDR 14.0.3006.16 - 14.0.3471.2 KB 5040940 - SQL2017 RTM CU31
5042217 Security update for SQL Server 2017 RTM+GDR 14.0.1000.169 - 14.0.2056.2 KB 5040942 - Previous SQL2017 RTM GDR
5042209 Security update for SQL 2016 Azure Connect Feature Pack 13.0.7000.253 - 13.0.7037.1 KB 5040944 - SQL2016 Azure Connect Feature Pack
5042207 Security update for SQL Server 2016 SP3 RTM+GDR 13.0.6300.2 - 13.0.6441.1 KB 5040946 - Previous SQL2016 RTM GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26191
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SQL Server 2017 for x64-based Systems (CU 31) 5042215 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
14.0.3475.1 Maybe None
Microsoft SQL Server 2017 for x64-based Systems (GDR) 5042217 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
14.0.2060.1 Maybe None
Microsoft SQL Server 2019 for x64-based Systems (CU 28) 5042749 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
15.0.4390.2 Yes None
Microsoft SQL Server 2019 for x64-based Systems (GDR) 5042214 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
15.0.2120.1 Yes None
Microsoft SQL Server 2022 for x64-based Systems (CU 14) 5042578 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.4140.3 Yes None
Microsoft SQL Server 2022 for x64-based Systems (GDR) 5042211 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.1125.1 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26191 Andrew Ruddick with Microsoft Security Response Center


CVE-2024-38018 - Microsoft SharePoint Server Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38018
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

How could an attacker exploit the vulnerability?

In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38018
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SharePoint Enterprise Server 2016 5002624 (Security Update) Critical Remote Code Execution 5002618
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5465.1001
Maybe 5002624
Microsoft SharePoint Server 2019 5002639 (Security Update) Critical Remote Code Execution 5002615
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.10414.20002
Maybe 5002639
Microsoft SharePoint Server Subscription Edition 5002640 (Security Update) Critical Remote Code Execution 5002606
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.17928.20086
Maybe 5002640

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38018 Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative


CVE-2024-38216 - Azure Stack Hub Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38216
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Stack Hub Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.2/TemporalScore:7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityLow
AvailabilityLow
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R) and privileges required are low (PR:L). What does that mean for this vulnerability?

An authenticated attacker must wait for a victim user to initiate a connection.


What privileges could an attacker gain with a successful exploitation?

An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process.

This could lead to further system compromise and unauthorized actions within the network.


According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Critical Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38216
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Stack Hub Release Notes (Security Update) Critical Elevation of Privilege None Base: 8.2
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C
1.2311.1.22. Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38216 Felix Boulet with Centre gouvernemental de cyberdéfense (CGCD)


Mathieu Fiore Laroche with Centre gouvernemental de cyberdéfense (CGCD)


CVE-2024-38220 - Azure Stack Hub Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38220
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Stack Hub Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:9.0/TemporalScore:7.8
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content.


What privileges could an attacker gain with a successful exploitation?

An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process.

This could lead to further system compromise and unauthorized actions within the network.


According to the CVSS metric, user interaction is required (UI:R) and privileges required are low (PR:L). What does that mean for this vulnerability?

An authenticated attacker must wait for a victim user to initiate a connection.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Critical Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38220
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Stack Hub Release Notes (Security Update) Critical Elevation of Privilege None Base: 9.0
Temporal: 7.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
1.2311.1.22. Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38220 Mathieu Fiore Laroche with Centre gouvernemental de cyberdéfense (CGCD)


CVE-2024-38188 - Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38188
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

Is there any action I need to take to be protected from this vulnerability?

If you have enabled automatic updates, you will automatically receive the update as soon as it is available. If you have not enabled automatic updates, you will need to update the product manually.

Please see Update Network Watcher extension to the latest version - Azure Virtual Machines | Microsoft Learn for more information.


What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the NT AUTHORITY\SYSTEM account.


According to the CVSS metrics, successful exploitation of this vulnerability does nor impact confidentiality (C:N), but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?

Exploitation of this vulnerability does not disclose any confidential information but allows an attacker to modify or delete files containing data which could cause the service to become unavailable.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38188
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Network Watcher VM Extension for Windows Release Notes (Security Update) Important Elevation of Privilege None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Unknown Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38188 Filip Dragović


CVE-2024-38230 - Windows Standards-Based Storage Management Service Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38230
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38230
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2012 R2 5043138 (Monthly Rollup) Important Denial of Service 5041828 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.22175 Yes None
Windows Server 2012 R2 (Server Core installation) 5043138 (Monthly Rollup) Important Denial of Service 5041828 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.22175 Yes None
Windows Server 2016 5043051 (Security Update) Important Denial of Service 5041773
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2016 (Server Core installation) 5043051 (Security Update) Important Denial of Service 5041773
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2019 5043050 (Security Update) Important Denial of Service 5041578 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2019 (Server Core installation) 5043050 (Security Update) Important Denial of Service 5041578 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2022 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Denial of Service 5041160
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022 (Server Core installation) 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Denial of Service 5041160
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38230 k0shl with Kunlun Lab


CVE-2024-38236 - DHCP Server Service Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38236
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: DHCP Server Service Denial of Service Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38236
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 5043135 (Monthly Rollup)
5043087 (Security Only)
Important Denial of Service 5041850
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.0.6003.22870
Yes 5043135
5043087
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5043135 (Monthly Rollup)
5043087 (Security Only)
Important Denial of Service 5041850
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.0.6003.22870
Yes 5043135
5043087
Windows Server 2008 for x64-based Systems Service Pack 2 5043135 (Monthly Rollup)
5043087 (Security Only)
Important Denial of Service 5041850
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.0.6003.22870
Yes 5043135
5043087
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5043135 (Monthly Rollup)
5043087 (Security Only)
Important Denial of Service 5041850
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.0.6003.22870
Yes 5043135
5043087
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5043129 (Monthly Rollup)
5043092 (Security Only)
Important Denial of Service 5041838
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.1.7601.27320 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5043129 (Monthly Rollup)
5043092 (Security Only)
Important Denial of Service 5041838
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.1.7601.27320 Yes None
Windows Server 2012 5043125 (Monthly Rollup) Important Denial of Service 5041851 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.2.9200.25073 Yes None
Windows Server 2012 (Server Core installation) 5043125 (Monthly Rollup) Important Denial of Service 5041851 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.2.9200.25073 Yes None
Windows Server 2012 R2 5043138 (Monthly Rollup) Important Denial of Service 5041828 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.22175 Yes None
Windows Server 2012 R2 (Server Core installation) 5043138 (Monthly Rollup) Important Denial of Service 5041828 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.22175 Yes None
Windows Server 2016 5043051 (Security Update) Important Denial of Service 5041773
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2016 (Server Core installation) 5043051 (Security Update) Important Denial of Service 5041773
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2019 5043050 (Security Update) Important Denial of Service 5041578 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2019 (Server Core installation) 5043050 (Security Update) Important Denial of Service 5041578 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2022 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Denial of Service 5041160
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022 (Server Core installation) 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Denial of Service 5041160
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022, 23H2 Edition (Server Core installation) 5043055 (Security Update) Important Denial of Service 5041573 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.25398.1128 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38236 Anonymous


CVE-2024-38240 - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38240
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?

The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.


What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38240
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5043083 (Security Update) Important Elevation of Privilege 5041782
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20766
Yes 5043083
Windows 10 for x64-based Systems 5043083 (Security Update) Important Elevation of Privilege 5041782
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20766
Yes 5043083
Windows 10 Version 1607 for 32-bit Systems 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1607 for x64-based Systems 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1809 for 32-bit Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for x64-based Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 21H2 for ARM64-based Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 21H2 for x64-based Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 22H2 for 32-bit Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4894
Yes 5043064
Windows 10 Version 22H2 for ARM64-based Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19041.4894
Yes 5043064
Windows 10 Version 22H2 for x64-based Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4894
Yes 5043064
Windows 11 version 21H2 for ARM64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 version 21H2 for x64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 Version 22H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 22H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege
5041585
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.4169
Yes 5043076
Windows 11 Version 24H2 for ARM64-based Systems 5043080 (Security Update) Important Elevation of Privilege Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.1742
Yes 5043080
Windows 11 Version 24H2 for x64-based Systems 5043080 (Security Update) Important Elevation of Privilege Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.1742
Yes 5043080
Windows Server 2012 R2 5043138 (Monthly Rollup) Important Elevation of Privilege 5041828 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22175 Yes None
Windows Server 2012 R2 (Server Core installation) 5043138 (Monthly Rollup) Important Elevation of Privilege 5041828 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22175 Yes None
Windows Server 2016 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2016 (Server Core installation) 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2019 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2019 (Server Core installation) 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2022 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5041160
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022 (Server Core installation) 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5041160
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022, 23H2 Edition (Server Core installation) 5043055 (Security Update) Important Elevation of Privilege 5041573 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1128 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38240 George Hughey with MSRC Vulnerabilities & Mitigations


CVE-2024-38241 - Kernel Streaming Service Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38241
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?

The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.


What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38241
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5043083 (Security Update) Important Elevation of Privilege 5041782
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20766
Yes 5043083
Windows 10 for x64-based Systems 5043083 (Security Update) Important Elevation of Privilege 5041782
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20766
Yes 5043083
Windows 10 Version 1607 for 32-bit Systems 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1607 for x64-based Systems 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1809 for 32-bit Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for x64-based Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 21H2 for ARM64-based Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 21H2 for x64-based Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 22H2 for 32-bit Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4894
Yes 5043064
Windows 10 Version 22H2 for ARM64-based Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19041.4894
Yes 5043064
Windows 10 Version 22H2 for x64-based Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4894
Yes 5043064
Windows 11 version 21H2 for ARM64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 version 21H2 for x64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 Version 22H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 22H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege
5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.4169
Yes 5043076
Windows 11 Version 24H2 for ARM64-based Systems 5043080 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.1742
Yes 5043080
Windows 11 Version 24H2 for x64-based Systems 5043080 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.1742
Yes 5043080
Windows Server 2016 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2016 (Server Core installation) 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2019 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2019 (Server Core installation) 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2022 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5041160
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022 (Server Core installation) 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5041160
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022, 23H2 Edition (Server Core installation) 5043055 (Security Update) Important Elevation of Privilege 5041573 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1128 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38241 Angelboy (@scwuaptx) with DEVCORE


CVE-2024-38242 - Kernel Streaming Service Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38242
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?

The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.


What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38242
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5043083 (Security Update) Important Elevation of Privilege 5041782
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20766
Yes 5043083
Windows 10 for x64-based Systems 5043083 (Security Update) Important Elevation of Privilege 5041782
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20766
Yes 5043083
Windows 10 Version 1607 for 32-bit Systems 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1607 for x64-based Systems 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1809 for 32-bit Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for x64-based Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 21H2 for ARM64-based Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 21H2 for x64-based Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 22H2 for 32-bit Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4894
Yes 5043064
Windows 10 Version 22H2 for ARM64-based Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19041.4894
Yes 5043064
Windows 10 Version 22H2 for x64-based Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4894
Yes 5043064
Windows 11 version 21H2 for ARM64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 version 21H2 for x64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 Version 22H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 22H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege
5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.4169
Yes 5043076
Windows 11 Version 24H2 for ARM64-based Systems 5043080 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.1742
Yes 5043080
Windows 11 Version 24H2 for x64-based Systems 5043080 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.1742
Yes 5043080
Windows Server 2016 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2016 (Server Core installation) 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2019 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2019 (Server Core installation) 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2022 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5041160
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022 (Server Core installation) 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5041160
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022, 23H2 Edition (Server Core installation) 5043055 (Security Update) Important Elevation of Privilege 5041573 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1128 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38242 Angelboy (@scwuaptx) with DEVCORE


CVE-2024-38249 - Windows Graphics Component Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38249
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?

The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.


What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38249
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5043083 (Security Update) Important Elevation of Privilege 5041782
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20766
Yes 5043083
Windows 10 for x64-based Systems 5043083 (Security Update) Important Elevation of Privilege 5041782
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20766
Yes 5043083
Windows 10 Version 1607 for 32-bit Systems 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1607 for x64-based Systems 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1809 for 32-bit Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for x64-based Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 21H2 for ARM64-based Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 21H2 for x64-based Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 22H2 for 32-bit Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4894
Yes 5043064
Windows 10 Version 22H2 for ARM64-based Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19041.4894
Yes 5043064
Windows 10 Version 22H2 for x64-based Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4894
Yes 5043064
Windows 11 version 21H2 for ARM64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 version 21H2 for x64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 Version 22H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 22H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege
5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.4169
Yes 5043076
Windows 11 Version 24H2 for ARM64-based Systems 5043080 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.1742
Yes 5043080
Windows 11 Version 24H2 for x64-based Systems 5043080 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.1742
Yes 5043080
Windows Server 2008 for 32-bit Systems Service Pack 2 5043135 (Monthly Rollup)
5043087 (Security Only)
Important Elevation of Privilege 5041850
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22870
Yes 5043135
5043087
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5043135 (Monthly Rollup)
5043087 (Security Only)
Important Elevation of Privilege 5041850
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22870
Yes 5043135
5043087
Windows Server 2008 for x64-based Systems Service Pack 2 5043135 (Monthly Rollup)
5043087 (Security Only)
Important Elevation of Privilege 5041850
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22870
Yes 5043135
5043087
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5043135 (Monthly Rollup)
5043087 (Security Only)
Important Elevation of Privilege 5041850
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22870
Yes 5043135
5043087
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5043129 (Monthly Rollup)
5043092 (Security Only)
Important Elevation of Privilege 5041838
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27320 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5043129 (Monthly Rollup)
5043092 (Security Only)
Important Elevation of Privilege 5041838
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27320 Yes None
Windows Server 2012 5043125 (Monthly Rollup) Important Elevation of Privilege 5041851 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25073 Yes None
Windows Server 2012 (Server Core installation) 5043125 (Monthly Rollup) Important Elevation of Privilege 5041851 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25073 Yes None
Windows Server 2012 R2 5043138 (Monthly Rollup) Important Elevation of Privilege 5041828 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22175 Yes None
Windows Server 2012 R2 (Server Core installation) 5043138 (Monthly Rollup) Important Elevation of Privilege 5041828 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22175 Yes None
Windows Server 2016 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2016 (Server Core installation) 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2019 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2019 (Server Core installation) 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2022 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5041160
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022 (Server Core installation) 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5041160
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022, 23H2 Edition (Server Core installation) 5043055 (Security Update) Important Elevation of Privilege 5041573 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1128 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38249 Marcin Wiazowski working with Trend Micro Zero Day Initiative


CVE-2024-38250 - Windows Graphics Component Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38250
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38250
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Office for Android Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.16827.2xxxxx Maybe None
Microsoft Office for Universal Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.14326.21xxxx Maybe None
Microsoft Office LTSC for Mac 2021 Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.89.24090815 Maybe None
Windows 10 for 32-bit Systems 5043083 (Security Update) Important Elevation of Privilege 5041782
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20766
Yes 5043083
Windows 10 for x64-based Systems 5043083 (Security Update) Important Elevation of Privilege 5041782
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20766
Yes 5043083
Windows 10 Version 1607 for 32-bit Systems 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1607 for x64-based Systems 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1809 for 32-bit Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for x64-based Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 21H2 for ARM64-based Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 21H2 for x64-based Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 22H2 for 32-bit Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4894
Yes 5043064
Windows 10 Version 22H2 for ARM64-based Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19041.4894
Yes 5043064
Windows 10 Version 22H2 for x64-based Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4894
Yes 5043064
Windows 11 version 21H2 for ARM64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 version 21H2 for x64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 Version 22H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 22H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege
5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.4169
Yes 5043076
Windows Server 2008 for 32-bit Systems Service Pack 2 5043135 (Monthly Rollup)
5043087 (Security Only)
Important Elevation of Privilege 5041850
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22870
Yes 5043135
5043087
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5043135 (Monthly Rollup)
5043087 (Security Only)
Important Elevation of Privilege 5041850
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22870
Yes 5043135
5043087
Windows Server 2008 for x64-based Systems Service Pack 2 5043135 (Monthly Rollup)
5043087 (Security Only)
Important Elevation of Privilege 5041850
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22870
Yes 5043135
5043087
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5043135 (Monthly Rollup)
5043087 (Security Only)
Important Elevation of Privilege 5041850
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22870
Yes 5043135
5043087
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5043129 (Monthly Rollup)
5043092 (Security Only)
Important Elevation of Privilege 5041838
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27320 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5043129 (Monthly Rollup)
5043092 (Security Only)
Important Elevation of Privilege 5041838
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27320 Yes None
Windows Server 2012 5043125 (Monthly Rollup) Important Elevation of Privilege 5041851 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25073 Yes None
Windows Server 2012 (Server Core installation) 5043125 (Monthly Rollup) Important Elevation of Privilege 5041851 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25073 Yes None
Windows Server 2012 R2 5043138 (Monthly Rollup) Important Elevation of Privilege 5041828 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22175 Yes None
Windows Server 2012 R2 (Server Core installation) 5043138 (Monthly Rollup) Important Elevation of Privilege 5041828 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22175 Yes None
Windows Server 2016 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2016 (Server Core installation) 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2019 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2019 (Server Core installation) 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2022 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5041160
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022 (Server Core installation) 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5041160
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022, 23H2 Edition (Server Core installation) 5043055 (Security Update) Important Elevation of Privilege 5041573 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1128 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38250 Cristi Dudescu


Cristi Dudescu


Cristi Dudescu


Cristi Dudescu


CVE-2024-38252 - Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38252
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?

The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.


What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38252
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1607 for 32-bit Systems 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1607 for x64-based Systems 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1809 for 32-bit Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for x64-based Systems 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 21H2 for ARM64-based Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 21H2 for x64-based Systems 5043064 (Security Update) Important Elevation of Privilege 5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4894
Yes 5043064
Windows 10 Version 22H2 for 32-bit Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4894
Yes 5043064
Windows 10 Version 22H2 for ARM64-based Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19041.4894
Yes 5043064
Windows 10 Version 22H2 for x64-based Systems 5043064 (Security Update) Important Elevation of Privilege
5041580
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4894
Yes 5043064
Windows 11 version 21H2 for ARM64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 version 21H2 for x64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 Version 22H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 22H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege
5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.4169
Yes 5043076
Windows 11 Version 24H2 for ARM64-based Systems 5043080 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.1742
Yes 5043080
Windows 11 Version 24H2 for x64-based Systems 5043080 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.1742
Yes 5043080
Windows Server 2016 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2016 (Server Core installation) 5043051 (Security Update) Important Elevation of Privilege 5041773
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows Server 2019 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2019 (Server Core installation) 5043050 (Security Update) Important Elevation of Privilege 5041578 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows Server 2022 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5041160
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022 (Server Core installation) 5042881 (Security Update)
5042880 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5041160
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2700

10.0.20348.2695
Yes 5042881
Windows Server 2022, 23H2 Edition (Server Core installation) 5043055 (Security Update) Important Elevation of Privilege 5041573 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1128 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38252 Benjamin Rodes with Microsoft CodeQL


George Hughey with MSRC Vulnerabilities & Mitigations


CVE-2024-38253 - Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38253
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?

The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.


What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38253
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 11 version 21H2 for ARM64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 version 21H2 for x64-based Systems 5043067 (Security Update) Important Elevation of Privilege 5041592
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3197
Yes 5043067
Windows 11 Version 22H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 22H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for ARM64-based Systems 5043076 (Security Update) Important Elevation of Privilege 5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4169
Yes 5043076
Windows 11 Version 23H2 for x64-based Systems 5043076 (Security Update) Important Elevation of Privilege
5041585
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.4169
Yes 5043076
Windows 11 Version 24H2 for ARM64-based Systems 5043080 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.1742
Yes 5043080
Windows 11 Version 24H2 for x64-based Systems 5043080 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.1742
Yes 5043080
Windows Server 2022, 23H2 Edition (Server Core installation) 5043055 (Security Update) Important Elevation of Privilege 5041573 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1128 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38253 George Hughey with MSRC Vulnerabilities & Mitigations


Rohit Mothe with MSRC Vulnerabilities & Mitigations


Benjamin Rodes with Microsoft CodeQL


Devin Jensen


CVE-2024-38254 - Windows Authentication Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38254
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Authentication Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

Executive Summary:
None
FAQ:

Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?

The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    10-Sep-24    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38254
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5043083 (Security Update) Important Information Disclosure 5041782
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.20766
Yes 5043083
Windows 10 for x64-based Systems 5043083 (Security Update) Important Information Disclosure 5041782
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.20766
Yes 5043083
Windows 10 Version 1607 for 32-bit Systems 5043051 (Security Update) Important Information Disclosure 5041773
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1607 for x64-based Systems 5043051 (Security Update) Important Information Disclosure 5041773
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7336
Yes 5043051
Windows 10 Version 1809 for 32-bit Systems 5043050 (Security Update) Important Information Disclosure 5041578 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5043050 (Security Update) Important Information Disclosure 5041578 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 1809 for x64-based Systems 5043050 (Security Update) Important Information Disclosure 5041578 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6293 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5043064 (Security Update) Important Information Disclosure 5041580