This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | .NET and Visual Studio | CVE-2024-30045 | .NET and Visual Studio Remote Code Execution Vulnerability |
Microsoft | Azure Migrate | CVE-2024-30053 | Azure Migrate Cross-Site Scripting Vulnerability |
Microsoft | Microsoft Bing | CVE-2024-30041 | Microsoft Bing Search Spoofing Vulnerability |
Microsoft | Microsoft Brokering File System | CVE-2024-30007 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
Microsoft | Microsoft Dynamics 365 Customer Insights | CVE-2024-30048 | Dynamics 365 Customer Insights Spoofing Vulnerability |
Microsoft | Microsoft Dynamics 365 Customer Insights | CVE-2024-30047 | Dynamics 365 Customer Insights Spoofing Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-4558 | Chromium: CVE-2024-4558 Use after free in ANGLE |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-4331 | Chromium: CVE-2024-4331 Use after free in Picture In Picture |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-4671 | Chromium: CVE-2024-4671 Use after free in Visuals |
Microsoft | Microsoft Edge (Chromium-based) | CVE-2024-30055 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-4368 | Chromium: CVE-2024-4368 Use after free in Dawn |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-4559 | Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio |
Microsoft | Microsoft Intune | CVE-2024-30059 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2024-30042 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-30043 | Microsoft SharePoint Server Information Disclosure Vulnerability |
Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-30006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Windows SCSI Class System File | CVE-2024-29994 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
Microsoft | Microsoft Windows Search Component | CVE-2024-30033 | Windows Search Service Elevation of Privilege Vulnerability |
Microsoft | Power BI | CVE-2024-30054 | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability |
Microsoft | Visual Studio | CVE-2024-30046 | Visual Studio Denial of Service Vulnerability |
GitHub | Visual Studio | CVE-2024-32004 | GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories |
GitHub | Visual Studio | CVE-2024-32002 | CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution |
Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2024-30034 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
Microsoft | Windows CNG Key Isolation Service | CVE-2024-30031 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2024-29996 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2024-30037 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2024-30025 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Cryptographic Services | CVE-2024-30020 | Windows Cryptographic Services Remote Code Execution Vulnerability |
Microsoft | Windows Cryptographic Services | CVE-2024-30016 | Windows Cryptographic Services Information Disclosure Vulnerability |
Microsoft | Windows Deployment Services | CVE-2024-30036 | Windows Deployment Services Information Disclosure Vulnerability |
Microsoft | Windows DHCP Server | CVE-2024-30019 | DHCP Server Service Denial of Service Vulnerability |
Microsoft | Windows DWM Core Library | CVE-2024-30008 | Windows DWM Core Library Information Disclosure Vulnerability |
Microsoft | Windows DWM Core Library | CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability |
Microsoft | Windows DWM Core Library | CVE-2024-30035 | Windows DWM Core Library Elevation of Privilege Vulnerability |
Microsoft | Windows DWM Core Library | CVE-2024-30032 | Windows DWM Core Library Elevation of Privilege Vulnerability |
Microsoft | Windows Hyper-V | CVE-2024-30011 | Windows Hyper-V Denial of Service Vulnerability |
Microsoft | Windows Hyper-V | CVE-2024-30017 | Windows Hyper-V Remote Code Execution Vulnerability |
Microsoft | Windows Hyper-V | CVE-2024-30010 | Windows Hyper-V Remote Code Execution Vulnerability |
Microsoft | Windows Kernel | CVE-2024-30018 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Mark of the Web (MOTW) | CVE-2024-30050 | Windows Mark of the Web Security Feature Bypass Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-30002 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-29997 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-30003 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-30012 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-29999 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-29998 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-30000 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-30005 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-30004 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-30021 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-30001 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows MSHTML Platform | CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
Microsoft | Windows NTFS | CVE-2024-30027 | NTFS Elevation of Privilege Vulnerability |
Microsoft | Windows Remote Access Connection Manager | CVE-2024-30039 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-30009 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-30024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-30015 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-30029 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-30023 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-30014 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-30022 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Task Scheduler | CVE-2024-26238 | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K - GRFX | CVE-2024-30030 | Win32k Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K - ICOMP | CVE-2024-30038 | Win32k Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K - ICOMP | CVE-2024-30049 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K - ICOMP | CVE-2024-30028 | Win32k Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-32002
MITRE NVD Issuing CNA: GitHub |
CVE Title: CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
CVSS: CVSS:3.1 Highest BaseScore:9.0/TemporalScore:7.8
Executive Summary: None
FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-32002
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.9.62 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-32002 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-29996
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-29996
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) | Important | Elevation of Privilege | 5036932 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22668 | Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) | Important | Elevation of Privilege | 5036932 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22668 | Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) | Important | Elevation of Privilege | 5036932 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22668 | Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) | Important | Elevation of Privilege | 5036932 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22668 | Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) | Important | Elevation of Privilege | 5036967 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) | Important | Elevation of Privilege | 5036967 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5036909 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5036909 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-29996 | Seunghoe Kim and Daejin Lee of S2W Inc. |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-29997
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-29997
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-29997 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-29998
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-29998
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-29998 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-29999
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-29999 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-29999 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30000
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30000 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30000 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30001
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30001 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30001 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30002
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30002 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30002 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30003
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30003 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30003 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30004
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Mitigations: None
Workarounds: None
Revision: 1.0 (14-May-24): Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30004
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30004 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30005
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Mitigations: None
Workarounds: None
Revision: 1.0 (14-May-24): Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30005
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30005 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30006
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.
Mitigations: None
Workarounds: None
Revision: 1.0 (14-May-24): Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30006
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) | Important | Remote Code Execution | 5036932 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22668 | Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) | Important | Remote Code Execution | 5036932 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22668 | Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) | Important | Remote Code Execution | 5036932 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22668 | Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) | Important | Remote Code Execution | 5036932 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22668 | Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) | Important | Remote Code Execution | 5036967 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) | Important | Remote Code Execution | 5036967 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5036909 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30006 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30007
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Brokering File System Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ability to authenticate against a remote host using the current user’s credentials.
How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by taking advantage of a security oversight in the driver’s management of network path validations, which could circumvent the established security protocols designed to safeguard user credentials during application interactions with remote hosts. This could potentially grant unauthorized access to network resources and facilitate the execution of unauthorized actions under the assumed identity of a legitimate user.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
Mitigations: None
Workarounds: None
Revision: 1.0 (14-May-24): Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30007
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30007 | Naceri with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30008
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows DWM Core Library Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.
Mitigations: None
Workarounds: None
Revision: 1.0 (14-May-24): Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30008
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Information Disclosure | 5036925 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Information Disclosure | 5036925 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Information Disclosure | 5036894 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Information Disclosure | 5036894 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2016 | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5036909 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5036909 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Information Disclosure | 5036910 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30008 | Zhang WangJunJie, He YiSheng with Hillstone Network Security Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30009
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30009
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30009 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30010
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated to be able to exploit this vulnerability.
How would an attacker exploit this vulnerability?
An attacker who successfully exploited this vulnerability could send malformed packets to Hyper-V Replica endpoints on the host from a remote machine.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30010
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30010 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30011
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30011
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Denial of Service | 5036969 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Denial of Service | 5036969 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Denial of Service | 5036960 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Denial of Service | 5036960 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Denial of Service | 5036899 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Denial of Service | 5036899 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Denial of Service | 5036896 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Denial of Service | 5036896 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5036909 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5036909 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Denial of Service | 5036910 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30011 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30012
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?
To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30012
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30012 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30014
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.6
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30014
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 7.5 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30014 | Anonymous QingHe Xie and FangMing Gu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30015
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30015 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30015 | Anonymous Qinghe Xie Fangming Gu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30016
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cryptographic Services Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
For successful exploitation, a locally authenticated attacker needs to send a specially crafted request to the cryptography provider's vulnerable function.
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30016 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Information Disclosure | 5036925 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Information Disclosure | 5036925 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Information Disclosure | 5036894 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Information Disclosure | 5036894 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Information Disclosure | 5036932 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Information Disclosure | 5036932 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Information Disclosure | 5036932 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Information Disclosure | 5036932 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Information Disclosure | 5036967 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Information Disclosure | 5036967 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Information Disclosure | 5036969 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Information Disclosure | 5036969 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Information Disclosure | 5036960 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Information Disclosure | 5036960 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5036909 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5036909 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Information Disclosure | 5036910 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30016 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30017
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated to be able to exploit this vulnerability.
How would an attacker exploit this vulnerability?
This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30017 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2016 | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30017 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30018
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30018 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30018 | Naceri with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30019
MITRE NVD Issuing CNA: Microsoft |
CVE Title: DHCP Server Service Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30019 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Denial of Service | 5036932 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Denial of Service | 5036932 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Denial of Service | 5036932 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Denial of Service | 5036932 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Denial of Service | 5036967 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Denial of Service | 5036967 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Denial of Service | 5036969 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Denial of Service | 5036969 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Denial of Service | 5036960 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Denial of Service | 5036960 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Denial of Service | 5036899 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Denial of Service | 5036899 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Denial of Service | 5036896 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Denial of Service | 5036896 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5036909 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5036909 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Denial of Service | 5036910 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30019 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30020
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cryptographic Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.
How could an attacker exploit this vulnerability?
For successful exploitation, a malicious certificate needs to be imported on an affected system. An attacker could upload a certificate to a service that processes or imports certificates, or an attacker could convince an authenticated user to import a certificate on their system.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30020 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30020 | Erik Egsgard with Field Effect Software |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30021
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?
To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30021 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30021 | B1aN |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30022
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30022
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30022 | QingHe Xie FangMing Gu Anonymous Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30023
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30023
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30023 | Anonymous Qinghe Xie Fangming Gu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30044
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
An authenticated attacker with Site Owner permission can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.
How could an attacker exploit the vulnerability?
An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of the file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30044
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002598 (Security Update) | Critical | Remote Code Execution | 5002583 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5448.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002596 (Security Update) | Critical | Remote Code Execution | 5002580 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10409.20047 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002599 (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.17328.20292 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30044 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30050
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.4/TemporalScore:5.0
Executive Summary: None
FAQ:
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?
An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
How could an attacker exploit the vulnerability?
To exploit this vulnerability, an attacker could host a file on an attacker-controlled server, then convince a targeted user to download and open the file. This could allow the attacker to interfere with the Mark of the Web functionality.
Please see Additional information about Mark of the Web for further clarification.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Moderate | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30050
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Moderate | Security Feature Bypass | 5036925 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Moderate | Security Feature Bypass | 5036925 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Moderate | Security Feature Bypass | 5036899 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Moderate | Security Feature Bypass | 5036899 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Moderate | Security Feature Bypass | 5036896 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Moderate | Security Feature Bypass | 5036896 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Moderate | Security Feature Bypass | 5036896 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Moderate | Security Feature Bypass | 5036892 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Moderate | Security Feature Bypass | 5036892 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Moderate | Security Feature Bypass | 5036892 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Moderate | Security Feature Bypass | 5036892 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Moderate | Security Feature Bypass | 5036892 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Moderate | Security Feature Bypass | 5036892 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Moderate | Security Feature Bypass | 5036894 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Moderate | Security Feature Bypass | 5036894 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Moderate | Security Feature Bypass | 5036893 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Moderate | Security Feature Bypass | 5036893 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Moderate | Security Feature Bypass | 5036893 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Moderate | Security Feature Bypass | 5036893 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Moderate | Security Feature Bypass | 5036932 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Moderate | Security Feature Bypass | 5036932 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Moderate | Security Feature Bypass | 5036932 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Moderate | Security Feature Bypass | 5036932 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Moderate | Security Feature Bypass | 5036967 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Moderate | Security Feature Bypass | 5036967 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Moderate | Security Feature Bypass | 5036969 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Moderate | Security Feature Bypass | 5036969 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Moderate | Security Feature Bypass | 5036960 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Moderate | Security Feature Bypass | 5036960 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Moderate | Security Feature Bypass | 5036899 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Moderate | Security Feature Bypass | 5036899 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Moderate | Security Feature Bypass | 5036896 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Moderate | Security Feature Bypass | 5036896 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Moderate | Security Feature Bypass | 5036909 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Moderate | Security Feature Bypass | 5036909 |
Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Moderate | Security Feature Bypass | 5036910 | Base: 5.4 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30050 | dwbzn with Aura Information Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30053
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Migrate Cross-Site Scripting Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.9
Executive Summary: None
FAQ:
What actions do customers need to take to protect themselves from this vulnerability?
The vulnerability has been mitigated by the latest change to the Azure Migrate Appliance. See here for information on how to ensure your Azure Migrate Appliance can get the latest Azure Migrate Agent and ConfigManager updates.
According to the CVSS metric, the attack vector is Network (AV:N), the attack complexity is Low (AC:L) and the privileges required is None (PR:L). What does this mean for this vulnerability?
An authenticated attacker could store malicious JavaScript code in a parameter. This payload would be stored and execute as stored XSS when the webpage is rendered.
Mitigations: None
Workarounds: None
Revision: 1.0    14-May-24     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30053 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Migrate | Release Notes (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
6.1.294.1008 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30053 | Andrea Piazza |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30059
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.1/TemporalScore:5.8
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker requires access to a rooted target device and must disable certain components of the Intune Mobile Application Manager which do not fully impact availability. An attacker could then gain access to sensitive files based on the targeted device's privileges, but this does not provide the ability to alter data.
How do I know if I am affected by this vulnerability?
Customers using Microsoft Intune Mobile Application Management features enabled by the Intune App SDK for Android are affected by this vulnerability. Customers who do not have auto-updates enabled need to update the Intune Company Portal to version 5.0.6215.0 or higher to be protected from this vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0    14-May-24     Information published. |
Important | Tampering |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30059 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Intune Mobile Application Management for Android | Release Notes (Security Update) | Important | Tampering | None | Base: 6.1 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:H/RL:O/RC:C |
5.0.6215.0 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30059 | Gee Sung with Aon |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-4558
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-4558 Use after free in ANGLE
CVSS: None
Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
Mitigations: None
Workarounds: None
Revision: 1.0    10-May-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-4558 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
124.0.2478.97 | No | None |
CVE ID | Acknowledgements |
CVE-2024-4558 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-4559
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio
CVSS: None
Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
Mitigations: None
Workarounds: None
Revision: 1.0    10-May-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-4559 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
124.0.2478.97 | No | None |
CVE ID | Acknowledgements |
CVE-2024-4559 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30055
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.4/TemporalScore:4.7
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L). What does that mean for this vulnerability?
Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?
The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
Mitigations: None
Workarounds: None
Revision: 1.0    10-May-24     Information published. |
Low | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30055 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Low | Spoofing | None | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
124.0.2478.97 | No | None |
CVE ID | Acknowledgements |
CVE-2024-30055 | Om Apip with ITSEC Asia cloud |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-4671
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-4671 Use after free in Visuals
CVSS: None
Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2024-4671 exists in the wild.
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
Mitigations: None
Workarounds: None
Revision: 1.0    10-May-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-4671 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
124.0.2478.97 | No | None |
CVE ID | Acknowledgements |
CVE-2024-4671 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-26238
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
How do I protect myself from this vulnerability?
Customers running Windows 10 version 2004 through 20H2 need to have KB 5001716 installed to be protected from this vulnerability. This update will be downloaded and installed automatically from Windows Update on all in-support versions of Windows 10. It is also offered to Windows Update Client for some devices that have not installed the most recent updates. If you are running a version of Windows 10 that has reached the end of its support lifecycle, or if you have not installed the latest updates, in Settings select Windows Update and install KB5001716 if it is listed as available for you to install. Note that it is crucial to install the latest version of Windows to continue receiving security fixes. When installed, update KB5001716 may prompt feature updates to ensure device security and functionality or display a notification informing of the problems. See (KB5001716: Update for Windows Update Service components - Microsoft Support) for more details.
Mitigations: None
Workarounds: None
Revision: 1.0    14-May-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-26238 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
CVE ID | Acknowledgements |
CVE-2024-26238 | Guillaume André with Synacktiv |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-29994
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
Mitigations: None
Workarounds: None
Revision: 1.0    14-May-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-29994 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-29994 | Wen of KunlunLab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30024
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
Mitigations: None
Workarounds: None
Revision: 1.0    14-May-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30024 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30024 | Anonymous Qinghe Xie Fangming Gu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30025
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30025
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30025 | Tianyao Xu(@sat0rn3) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30027
MITRE NVD Issuing CNA: Microsoft |
CVE Title: NTFS Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30027
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30027 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30028
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30028
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30028 | Guopengfei from Codesafe Team of Legendsec at Qi'anxin Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30029
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30029 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Remote Code Execution | 5036925 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Remote Code Execution | 5036892 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Remote Code Execution | 5036894 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Remote Code Execution | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Remote Code Execution | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Remote Code Execution | 5036967 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Remote Code Execution | 5036969 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Remote Code Execution | 5036960 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Remote Code Execution | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Remote Code Execution | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5036909 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Remote Code Execution | 5036910 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30029 | Qinghe Xie Fangming Gu Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30030
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is Low (PR:L). What does that mean for this vulnerability?
To exploit this vulnerability an attacker must have an account with the User role assigned.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30030 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30030 | Bryan Gonzalez from Ocelot Team & Metabase Q |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30031
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30031 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30031 | Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30032
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30032 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2016 | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30032 | Zhang WangJunJie, He YiSheng with Hillstone Network Security Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30033
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Search Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30033 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5036909 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5036909 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
CVE ID | Acknowledgements |
CVE-2024-30033 | HeeChan Kim (@heegong123) of THEORI working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30034
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30034 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Information Disclosure | 5036894 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Information Disclosure | 5036894 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5036909 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5036909 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Information Disclosure | 5036910 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30034 | Wei Lei and Sergey Kornienko (@b1thvn_) of PixiePoint Security working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30035
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30035 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5036909 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5036909 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30035 | Zhang WangJunJie, He YiSheng with Hillstone Network Security Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30036
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Deployment Services Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30036 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) | Important | Information Disclosure | 5036932 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22668 | Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) | Important | Information Disclosure | 5036932 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22668 | Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) | Important | Information Disclosure | 5036932 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22668 | Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) | Important | Information Disclosure | 5036932 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22668 | Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) | Important | Information Disclosure | 5036967 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) | Important | Information Disclosure | 5036967 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Information Disclosure | 5036969 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Information Disclosure | 5036969 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Information Disclosure | 5036960 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Information Disclosure | 5036960 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5036909 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5036909 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
CVE ID | Acknowledgements |
CVE-2024-30036 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30037
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30037 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30037 | HackInside (Yongil Lee, Ingyu Tae, Louis Hur) working with Trend Micro Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30038
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability?
A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30038 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5036909 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30038 | Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30039
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30039 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Information Disclosure | 5036925 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Information Disclosure | 5036925 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Information Disclosure | 5036892 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Information Disclosure | 5036894 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Information Disclosure | 5036894 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Information Disclosure | 5036893 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Information Disclosure | 5036932 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Information Disclosure | 5036932 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Information Disclosure | 5036932 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Information Disclosure | 5036932 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Information Disclosure | 5036967 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Information Disclosure | 5036967 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Information Disclosure | 5036969 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Information Disclosure | 5036969 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Information Disclosure | 5036960 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Information Disclosure | 5036960 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Information Disclosure | 5036899 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Information Disclosure | 5036896 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5036909 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5036909 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Information Disclosure | 5036910 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30039 | George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30040
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows MSHTML Platform Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.2
Executive Summary: None
FAQ:
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.
How could an attacker exploit this vulnerability?
An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2024-30040 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Security Feature Bypass | 5036925 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Security Feature Bypass | 5036925 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Security Feature Bypass | 5036899 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Security Feature Bypass | 5036899 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Security Feature Bypass | 5036896 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Security Feature Bypass | 5036896 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Security Feature Bypass | 5036896 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Security Feature Bypass | 5036892 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Security Feature Bypass | 5036892 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Security Feature Bypass | 5036892 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Security Feature Bypass | 5036892 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Security Feature Bypass | 5036892 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Security Feature Bypass | 5036892 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Security Feature Bypass | 5036894 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Security Feature Bypass | 5036894 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Security Feature Bypass | 5036893 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Security Feature Bypass | 5036893 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Security Feature Bypass | 5036893 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Security Feature Bypass | 5036893 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2016 | 5037763 (Security Update) | Important | Security Feature Bypass | 5036899 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Security Feature Bypass | 5036899 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Security Feature Bypass | 5036896 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Security Feature Bypass | 5036896 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Security Feature Bypass | 5036909 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) |
Important | Security Feature Bypass | 5036909 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.20348.2461 10.0.20348.2458 |
Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Security Feature Bypass | 5036910 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30040 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30041
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Bing Search Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.4/TemporalScore:4.7
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
How do I get the update for Microsoft Bing Search for iOS?
Alternatively
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?
The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L). What does that mean for this vulnerability?
Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30041 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Bing Search for iOS | Release Notes (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
28.2.000000000 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30041 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30042
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30042 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Excel 2016 (32-bit edition) | 5002587 (Security Update) | Important | Remote Code Execution | 5002536 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5448.1000 | Maybe | None |
Microsoft Excel 2016 (64-bit edition) | 5002587 (Security Update) | Important | Remote Code Execution | 5002536 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5448.1000 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.85.24051214 | Maybe | None |
Office Online Server | 5002503 (Security Update) | Important | Remote Code Execution | 5002470 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10410.20003 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30042 | Quan Jin with DBAPPSecurity WeBin Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30043
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content. The scope of file content which could be accessed is dependent on the privileges of the compromised user.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30043 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002598 (Security Update) | Important | Information Disclosure | 5002583 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.5448.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002596 (Security Update) | Important | Information Disclosure | 5002580 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.10409.20047 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002599 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.17328.20292 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30043 | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30045
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET and Visual Studio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.3/TemporalScore:5.5
Executive Summary: None
FAQ:
According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?
While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires that a user trigger the payload in the application.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30045 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 7.0 | 5038351 (Security Update) | Important | Remote Code Execution | None | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
7.0.19 | Maybe | None |
.NET 8.0 | 5038352 (Security Update) | Important | Remote Code Execution | None | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
8.0.5 | Maybe | None |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
17.4.19 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
17.6.15 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
17.8.10 | Maybe | None |
Microsoft Visual Studio 2022 version 17.9 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
17.9.7 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30045 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30046
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.2
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30046 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
17.4.19 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
17.6.15 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
17.8.10 | Maybe | None |
Microsoft Visual Studio 2022 version 17.9 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
17.9.7 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30046 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30047
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Dynamics 365 Customer Insights Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?
The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
How do I get the update for Customer Insights - Journeys?
Customer Insights - Journeys updates are pushed to all customers automatically. Customer Insights - Journeys follows a phased deployment approach aligned with the platform deployment schedule. You can also update your solutions manually for early validations. Manual updates allow customers to apply and test updates on a sandbox instance before applying them to a production system. See Keep Dynamics 365 Customer Insights - Journeys up to date for more information.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30047 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Dynamics 365 Customer Insights | Release Notes (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
1.38813.80 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30047 | Niraj Mahajan Tomer Nahum with Semperis |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30048
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Dynamics 365 Customer Insights Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None
FAQ:
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?
The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to navigate to a page with malicious content to be compromised by the attacker.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
How do I get the update for Customer Insights - Journeys?
Customer Insights - Journeys updates are pushed to all customers automatically. Customer Insights - Journeys follows a phased deployment approach aligned with the platform deployment schedule. You can also update your solutions manually for early validations. Manual updates allow customers to apply and test updates on a sandbox instance before applying them to a production system. See Keep Dynamics 365 Customer Insights - Journeys up to date for more information.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30048 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Dynamics 365 Customer Insights | Release Notes (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
1.38813.80 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30048 | NGO VAN TU (@tusnj) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30049
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30049 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4412 |
Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2960 |
Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3593 |
Yes | 5037771 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5037800 (Monthly Rollup) 5037836 (Security Only) |
Important | Elevation of Privilege | 5036932 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22668 |
Yes | 5037800 5037836 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5037780 (Monthly Rollup) 5037803 (Security Only) |
Important | Elevation of Privilege | 5036967 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27117 | Yes | None |
Windows Server 2012 | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24868 | Yes | None |
Windows Server 2012 (Server Core installation) | 5037778 (Monthly Rollup) | Important | Elevation of Privilege | 5036969 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24868 | Yes | None |
Windows Server 2012 R2 | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21972 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5037823 (Monthly Rollup) | Important | Elevation of Privilege | 5036960 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21972 | Yes | None |
Windows Server 2016 | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5036909 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5036909 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5037781 (Security Update) | Important | Elevation of Privilege | 5036910 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.887 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30049 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30051
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.2
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | Yes | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2024-30051 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.10240.20651 | Yes | None |
Windows 10 for x64-based Systems | 5037788 (Security Update) | Important | Elevation of Privilege | 5036925 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.10240.20651 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 21H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.19044.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for 32-bit Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for ARM64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 10 Version 22H2 for x64-based Systems | 5037768 (Security Update) | Important | Elevation of Privilege | 5036892 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.19045.4412 | Yes | 5037768 |
Windows 11 version 21H2 for ARM64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 version 21H2 for x64-based Systems | 5037770 (Security Update) | Important | Elevation of Privilege | 5036894 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.22000.2960 | Yes | 5037770 |
Windows 11 Version 22H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 22H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.22621.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for ARM64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows 11 Version 23H2 for x64-based Systems | 5037771 (Security Update) | Important | Elevation of Privilege | 5036893 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.22631.3593 | Yes | 5037771 |
Windows Server 2016 | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows Server 2016 (Server Core installation) | 5037763 (Security Update) | Important | Elevation of Privilege | 5036899 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.14393.6981 | Yes | None |
Windows Server 2019 | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2019 (Server Core installation) | 5037765 (Security Update) | Important | Elevation of Privilege | 5036896 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.17763.5820 | Yes | None |
Windows Server 2022 | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5036909 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
Windows Server 2022 (Server Core installation) | 5037782 (Security Update) 5037848 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5036909 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.20348.2461 10.0.20348.2458 | Yes | 5037782 |
CVE ID | Acknowledgements |
CVE-2024-30051 | Vlad Stolyarov and Benoit Sevens of Google Threat Analysis Group
Bryce Abdo and Adam Brunner of Google Mandiant
Quan Jin with DBAPPSecurity WeBin Lab
Guoxian Zhong with DBAPPSecurity WeBin Lab
Mert Degirmenci and Boris Larin with Kaspersky |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-32004
MITRE NVD Issuing CNA: Github |
CVE Title: GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None
FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-32004 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.9.62 | Maybe | None |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.11.36 | Maybe | None |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 17.4.19 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 17.6.15 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 17.8.10 | Maybe | None |
Microsoft Visual Studio 2022 version 17.9 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 17.9.7 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-32004 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30054
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to navigate to a page with malicious content to be compromised by the attacker.
Mitigations: None
Workarounds: None
Revision: 1.0 14-May-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30054 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
PowerBI-client JS SDK | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 2.23.1 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30054 | Marcelo Takizawa with itigo |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-4331
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-4331 Use after free in Picture In Picture
CVSS: None
Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
Mitigations: None
Workarounds: None
Revision: 1.0 02-May-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-4331 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 124.0.2478.80 | No | None |
CVE ID | Acknowledgements |
CVE-2024-4331 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-4368
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-4368 Use after free in Dawn
CVSS: None
Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
Mitigations: None
Workarounds: None
Revision: 1.0 02-May-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-4368 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 124.0.2478.80 | No | None |
CVE ID | Acknowledgements |
CVE-2024-4368 | None |