This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | Azure Data Science Virtual Machines | CVE-2024-37325 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability |
Microsoft | Azure File Sync | CVE-2024-35253 | Microsoft Azure File Sync Elevation of Privilege Vulnerability |
Microsoft | Azure Monitor | CVE-2024-35254 | Azure Monitor Agent Elevation of Privilege Vulnerability |
Microsoft | Azure SDK | CVE-2024-35255 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability |
Microsoft | Azure Storage Library | CVE-2024-35252 | Azure Storage Movement Client Library Denial of Service Vulnerability |
Microsoft | Dynamics Business Central | CVE-2024-35248 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability |
Microsoft | Dynamics Business Central | CVE-2024-35249 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability |
Microsoft | Microsoft Dynamics | CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5498 | Chromium: CVE-2024-5498 Use after free in Presentation API |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5493 | Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5497 | Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5495 | Chromium: CVE-2024-5495 Use after free in Dawn |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5499 | Chromium: CVE-2024-5499 Out of bounds write in Streams API |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5494 | Chromium: CVE-2024-5494 Use after free in Dawn |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5496 | Chromium: CVE-2024-5496 Use after free in Media Session |
Microsoft | Microsoft Office | CVE-2024-30101 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft | Microsoft Office | CVE-2024-30104 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Outlook | CVE-2024-30103 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-30100 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Word | CVE-2024-30102 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft | Microsoft Streaming Service | CVE-2024-30090 | Microsoft Streaming Service Elevation of Privilege Vulnerability |
Microsoft | Microsoft Streaming Service | CVE-2024-30089 | Microsoft Streaming Service Elevation of Privilege Vulnerability |
Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-30077 | Windows OLE Remote Code Execution Vulnerability |
MITRE Corporation | Microsoft Windows | CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU |
Microsoft | Microsoft Windows Speech | CVE-2024-30097 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability |
Microsoft | Visual Studio | CVE-2024-30052 | Visual Studio Remote Code Execution Vulnerability |
Microsoft | Visual Studio | CVE-2024-29060 | Visual Studio Elevation of Privilege Vulnerability |
GitHub | Visual Studio | CVE-2024-29187 | GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM |
Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2024-30085 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Container Manager Service | CVE-2024-30076 | Windows Container Manager Service Elevation of Privilege Vulnerability |
Microsoft | Windows Cryptographic Services | CVE-2024-30096 | Windows Cryptographic Services Information Disclosure Vulnerability |
Microsoft | Windows DHCP Server | CVE-2024-30070 | DHCP Server Service Denial of Service Vulnerability |
Microsoft | Windows Distributed File System (DFS) | CVE-2024-30063 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
Microsoft | Windows Event Logging Service | CVE-2024-30072 | Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability |
Microsoft | Windows Kernel | CVE-2024-30068 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2024-30064 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel-Mode Drivers | CVE-2024-30084 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel-Mode Drivers | CVE-2024-35250 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Link Layer Topology Discovery Protocol | CVE-2024-30075 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability |
Microsoft | Windows Link Layer Topology Discovery Protocol | CVE-2024-30074 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability |
Microsoft | Windows NT OS Kernel | CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows NT OS Kernel | CVE-2024-30088 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Perception Service | CVE-2024-35265 | Windows Perception Service Elevation of Privilege Vulnerability |
Microsoft | Windows Remote Access Connection Manager | CVE-2024-30069 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-30095 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-30094 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Server Service | CVE-2024-30062 | Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability |
Microsoft | Windows Server Service | CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
Microsoft | Windows Standards-Based Storage Management Service | CVE-2024-30083 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
Microsoft | Windows Storage | CVE-2024-30093 | Windows Storage Elevation of Privilege Vulnerability |
Microsoft | Windows Themes | CVE-2024-30065 | Windows Themes Denial of Service Vulnerability |
Microsoft | Windows Wi-Fi Driver | CVE-2024-30078 | Windows Wi-Fi Driver Remote Code Execution Vulnerability |
Microsoft | Windows Win32 Kernel Subsystem | CVE-2024-30086 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K - GRFX | CVE-2024-30087 | Win32k Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K - GRFX | CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K - GRFX | CVE-2024-30082 | Win32k Elevation of Privilege Vulnerability |
Microsoft | Winlogon | CVE-2024-30067 | Winlogon Elevation of Privilege Vulnerability |
Microsoft | Winlogon | CVE-2024-30066 | Winlogon Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30069
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.1
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30069 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Information Disclosure | 5037788 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Information Disclosure | 5037788 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Information Disclosure | 5037763 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Information Disclosure | 5037763 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Information Disclosure | 5037765 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Information Disclosure | 5037765 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Information Disclosure | 5037765 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Information Disclosure | 5037768 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Information Disclosure | 5037768 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Information Disclosure | 5037768 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Information Disclosure | 5037768 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Information Disclosure | 5037768 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Information Disclosure | 5037768 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Information Disclosure | 5037770 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Information Disclosure | 5037770 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Information Disclosure | 5037771 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Information Disclosure | 5037771 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Information Disclosure | 5037771 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Information Disclosure | 5037771 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Information Disclosure | 5037763 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Information Disclosure | 5037763 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Information Disclosure | 5037765 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Information Disclosure | 5037765 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Information Disclosure | 5037782 5037848 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Information Disclosure | 5037782 5037848 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Information Disclosure | 5037781 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30069 | George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30070
MITRE NVD Issuing CNA: Microsoft |
CVE Title: DHCP Server Service Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.7
Executive Summary: None FAQ: None Mitigations: The following mitigating factors might be helpful in your situation: Customers who have not configured their DHCP server as a failover are not affected by this vulnerability. Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30070 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Denial of Service | 5037778 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Denial of Service | 5037778 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Denial of Service | 5037823 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Denial of Service | 5037823 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Denial of Service | 5037763 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Denial of Service | 5037763 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Denial of Service | 5037765 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Denial of Service | 5037765 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30070 | YanZiShuang@BigCJTeam of cyberkl |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30072
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30072 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Remote Code Execution | 5037781 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30072 | Laith AL-Satari |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30074
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.0/TemporalScore:7.2
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. How could an attacker exploit the vulnerability? An unauthenticated attacker could send a malicious networking packet to an adjacent system where a user is running the Network Map functionality over a WiFi networking adapter, which could enable remote code execution. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30074 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.0 Temporal: 7.2 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.0 Temporal: 7.2 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.0 Temporal: 7.2 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.0 Temporal: 7.2 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 8.0 Temporal: 7.2 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 8.0 Temporal: 7.2 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30074 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30075
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.0/TemporalScore:7.0
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. How could an attacker exploit the vulnerability? An unauthenticated attacker could send a malicious networking packet to an adjacent system where a user is running the Network Map functionality over a WiFi networking adapter, which could enable remote code execution. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30075 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30075 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30076
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Container Manager Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30076 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30076 | Jakub Štrom |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30077
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows OLE Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.0/TemporalScore:7.0
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30077 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Remote Code Execution | 5037788 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Remote Code Execution | 5037788 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Remote Code Execution | 5037770 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Remote Code Execution | 5037770 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Remote Code Execution | 5037778 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Remote Code Execution | 5037778 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Remote Code Execution | 5037823 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Remote Code Execution | 5037823 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Remote Code Execution | 5037781 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30077 | bee13oy with Cyber Kunlun Lab Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30078
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Wi-Fi Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. How could an attacker exploit the vulnerability? An unauthenticated attacker could send a malicious networking packet to an adjacent system that is employing a Wi-Fi networking adapter, which could enable remote code execution. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30078 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Remote Code Execution | 5037788 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Remote Code Execution | 5037788 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Remote Code Execution | 5037770 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Remote Code Execution | 5037770 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Remote Code Execution | 5037778 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Remote Code Execution | 5037778 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Remote Code Execution | 5037823 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Remote Code Execution | 5037823 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Remote Code Execution | 5037781 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30078 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30080
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side. Mitigations: Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30080 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Critical | Remote Code Execution | 5037788 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Critical | Remote Code Execution | 5037788 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Critical | Remote Code Execution | 5037763 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Critical | Remote Code Execution | 5037763 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Critical | Remote Code Execution | 5037765 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Critical | Remote Code Execution | 5037765 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Critical | Remote Code Execution | 5037765 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Critical | Remote Code Execution | 5037768 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Critical | Remote Code Execution | 5037768 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Critical | Remote Code Execution | 5037768 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Critical | Remote Code Execution | 5037768 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Critical | Remote Code Execution | 5037768 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Critical | Remote Code Execution | 5037768 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Critical | Remote Code Execution | 5037770 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Critical | Remote Code Execution | 5037770 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Critical | Remote Code Execution | 5037771 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Critical | Remote Code Execution | 5037771 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Critical | Remote Code Execution | 5037771 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Critical | Remote Code Execution | 5037771 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Critical | Remote Code Execution | 5037800 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Critical | Remote Code Execution | 5037800 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Critical | Remote Code Execution | 5037800 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Critical | Remote Code Execution | 5037800 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Critical | Remote Code Execution | 5037780 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Critical | Remote Code Execution | 5037780 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Critical | Remote Code Execution | 5037778 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Critical | Remote Code Execution | 5037778 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Critical | Remote Code Execution | 5037823 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Critical | Remote Code Execution | 5037823 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Critical | Remote Code Execution | 5037763 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Critical | Remote Code Execution | 5037763 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Critical | Remote Code Execution | 5037765 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Critical | Remote Code Execution | 5037765 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Critical | Remote Code Execution | 5037782 5037848 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Critical | Remote Code Execution | 5037782 5037848 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Critical | Remote Code Execution | 5037781 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30080 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30082
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30082 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30082 | Marcin Wiazowski with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-35250
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-35250 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-35250 | Angelboy (@scwuaptx) from DEVCORE Research Team
with Trend Micro Zero Day Initiative Angelboy (@scwuaptx) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-35255
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions. According to the CVSS metric, Integrity and Availability impact is None (I:N/A:N). What does that mean for this vulnerability? An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files. Which credential types provided by the Azure Identity client library are affected? The vulnerability exists in the following credential types:
Which credential types provided by the Azure Identity client library are affected? The vulnerability exists in the following credential types:
Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-35255 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Identity Library for .NET | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
1.11.4 | Maybe | None |
Azure Identity Library for C++ | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
1.7.0 | Maybe | None |
Azure Identity Library for Go | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
1.6.0 | Maybe | None |
Azure Identity Library for Java | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
1.12.2 | Maybe | None |
Azure Identity Library for JavaScript | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
4.2.1 | Maybe | None |
Azure Identity Library for Python | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
1.16.1 | Maybe | None |
Microsoft Authentication Library (MSAL) for .NET | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
4.61.3 | Maybe | None |
Microsoft Authentication Library (MSAL) for Java | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
1.15.1 | Maybe | None |
Microsoft Authentication Library (MSAL) for Node.js | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
2.9.2 | Maybe | None |
Microsoft Authentication Library (MSAL) for Python | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
1.28.0 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-35255 | Vladimir Abramzon with Microsoft Eli Arbel with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2023-50868
MITRE NVD Issuing CNA: MITRE Corporation |
CVE Title: MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)? CVE-2023-50868 is regarding a vulnerability in DNSSEC validation where an attacker could exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. MITRE created this CVE on their behalf. Please see CVE-2023-50868 for more information. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2023-50868 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Denial of Service | 5037778 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Denial of Service | 5037778 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Denial of Service | 5037823 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Denial of Service | 5037823 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Denial of Service | 5037763 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Denial of Service | 5037763 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Denial of Service | 5037765 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Denial of Service | 5037765 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Denial of Service | 5037782 5037848 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Denial of Service | 5037782 5037848 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Denial of Service | 5037781 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2023-50868 | Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner from the German National Research Center for Applied Cybersecurity ATHENE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-29187
MITRE NVD Issuing CNA: GitHub |
CVE Title: GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authorized attacker must send the user a malicious file and convince the user to open it. Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Wix Toolset software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-29187 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.9.63 | Maybe | None |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.11.37 | Maybe | None |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.2 | Maybe | None |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.4.20 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.16 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.11 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-29187 | Naceri with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-5493
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    03-Jun-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-5493 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
125.0.2535.85 | No | None |
CVE ID | Acknowledgements |
CVE-2024-5493 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-5498
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-5498 Use after free in Presentation API
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    03-Jun-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-5498 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
125.0.2535.85 | No | None |
CVE ID | Acknowledgements |
CVE-2024-5498 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-5496
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-5496 Use after free in Media Session
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    03-Jun-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-5496 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
125.0.2535.85 | No | None |
CVE ID | Acknowledgements |
CVE-2024-5496 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-5499
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-5499 Out of bounds write in Streams API
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    03-Jun-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-5499 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
125.0.2535.85 | No | None |
CVE ID | Acknowledgements |
CVE-2024-5499 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-5494
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-5494 Use after free in Dawn
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    03-Jun-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-5494 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
125.0.2535.85 | No | None |
CVE ID | Acknowledgements |
CVE-2024-5494 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-5497
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    03-Jun-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-5497 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
125.0.2535.85 | No | None |
CVE ID | Acknowledgements |
CVE-2024-5497 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-5495
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-5495 Use after free in Dawn
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    03-Jun-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-5495 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
125.0.2535.85 | No | None |
CVE ID | Acknowledgements |
CVE-2024-5495 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-29060
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authorized attacker could create a malicious extension and then wait for an authenticated user to create a new Visual Studio project that uses that extension. The result is that the attacker could gain the privileges of the user. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability? The performance can be interrupted and/or reduced, but the attacker cannot fully deny service. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-29060 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
15.9.63 | Maybe | None |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
16.11.37 | Maybe | None |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
17.10.2 | Maybe | None |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
17.4.20 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
17.6.16 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
17.8.11 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-29060 | Filip Dragović |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30062
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.0
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user would have to restart the compromised service on the server to trigger the vulnerability. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30062 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Remote Code Execution | 5037823 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Remote Code Execution | 5037823 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
CVE ID | Acknowledgements |
CVE-2024-30062 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30063
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability could be triggered when a user connects a Windows client to a malicious server. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to have obtained low privileged code execution on target host first. According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? Exploiting this vulnerability requires an attacker to be on the same network segment as the target system. Traffic associated with exploitation of this vulnerability is not routable and is bound to the data link layer of the OSI model. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30063 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Remote Code Execution | 5037788 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Remote Code Execution | 5037788 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Remote Code Execution | 5037770 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Remote Code Execution | 5037770 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Remote Code Execution | 5037778 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Remote Code Execution | 5037778 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Remote Code Execution | 5037823 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Remote Code Execution | 5037823 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Remote Code Execution | 5037781 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30063 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30064
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information. How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. What privileges could an attacker gain with a successful exploitation? An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. This could lead to further system compromise and unauthorized actions within the network. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30064 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30064 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30065
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Themes Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30065 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Denial of Service | 5037788 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Denial of Service | 5037788 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Denial of Service | 5037763 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Denial of Service | 5037763 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Denial of Service | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Denial of Service | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Denial of Service | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Denial of Service | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Denial of Service | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Denial of Service | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Denial of Service | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Denial of Service | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Denial of Service | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Denial of Service | 5037770 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Denial of Service | 5037770 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Denial of Service | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Denial of Service | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Denial of Service | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Denial of Service | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Denial of Service | 5037778 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Denial of Service | 5037778 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Denial of Service | 5037823 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Denial of Service | 5037823 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Denial of Service | 5037763 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Denial of Service | 5037763 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Denial of Service | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Denial of Service | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Denial of Service | 5037782 5037848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Denial of Service | 5037782 5037848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Denial of Service | 5037781 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30065 | goodbyeselene |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30066
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Winlogon Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean for this vulnerability? An authenticated attacker could replace valid file content with specially crafted file content. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30066 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30066 | goodbyeselene |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30067
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Winlogon Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean for this vulnerability? An authenticated attacker could replace valid file content with specially crafted file content. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30067 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30067 | goodbyeselene |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30068
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30068 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30068 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30083
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30083 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Denial of Service | 5037823 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Denial of Service | 5037823 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Denial of Service | 5037763 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Denial of Service | 5037763 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Denial of Service | 5037765 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Denial of Service | 5037765 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Denial of Service | 5037782 5037848 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Denial of Service | 5037782 5037848 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
CVE ID | Acknowledgements |
CVE-2024-30083 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30084
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30084 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30084 | Angelboy (@scwuaptx) from DEVCORE Research Team with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30085
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.0
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30085 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30085 | Gwangun Jung(@pr0ln) and Junoh Lee(@bbbig12) at Theori(@theori_io) with Trend Micro Zero Day Initiative Alex Birnberg for TyphoonPWN24 Anonymous with SSD Secure Disclosure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30086
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30086 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30086 | Bruno Pujos from REverse Tactics with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30087
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would gain the rights of the user that is running the affected application. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30087 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30087 | Marcin Wiazowski with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30088
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.3
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30088 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30088 | Emma Kirkpatrick (@carrot_c4k3) working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30089
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Streaming Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30089 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30089 | Valentina Palmiotti, IBM X-Force with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30090
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Streaming Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30090 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30090 | Angelboy (@scwuaptx) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30091
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.0
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would gain the rights of the user that is running the affected application. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30091 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30091 | Tobias Klein |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30093
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Storage Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metrics, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authenticated attacker would need to perform specific actions on a vulnerable system, then convince another user on that system to interact with the Volume Shadow Copy functionality. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30093 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Elevation of Privilege | 5037800 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Elevation of Privilege | 5037780 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Elevation of Privilege | 5037778 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Elevation of Privilege | 5037823 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30093 | Or Yair with SafeBreach |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30094
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30094 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Remote Code Execution | 5037788 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Remote Code Execution | 5037788 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Remote Code Execution | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Remote Code Execution | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Remote Code Execution | 5037778 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Remote Code Execution | 5037778 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Remote Code Execution | 5037823 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Remote Code Execution | 5037823 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Remote Code Execution | 5037781 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30094 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30095
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30095 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Remote Code Execution | 5037788 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Remote Code Execution | 5037788 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Remote Code Execution | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Remote Code Execution | 5037770 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5039245 (Monthly Rollup) 5039266 (Security Only) |
Important | Remote Code Execution | 5037800 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22720 |
Yes | 5039245 5039266 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5039289 (Monthly Rollup) 5039274 (Security Only) |
Important | Remote Code Execution | 5037780 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27170 | Yes | None |
Windows Server 2012 | 5039260 (Monthly Rollup) | Important | Remote Code Execution | 5037778 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 (Server Core installation) | 5039260 (Monthly Rollup) | Important | Remote Code Execution | 5037778 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24919 | Yes | None |
Windows Server 2012 R2 | 5039294 (Monthly Rollup) | Important | Remote Code Execution | 5037823 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5039294 (Monthly Rollup) | Important | Remote Code Execution | 5037823 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22023 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Remote Code Execution | 5037781 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30095 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30096
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cryptographic Services Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets. What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could disclose sensitive information such as KeyGuard (KG) keys, which are intended to be per-boot and used to protect sensitive data. If an attacker can persist these keys, they could potentially decrypt any information that was encrypted with the KG key, leading to the exposure of a wide range of sensitive and confidential information. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30096 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Information Disclosure | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Information Disclosure | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Information Disclosure | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Information Disclosure | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Information Disclosure | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Information Disclosure | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Information Disclosure | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Information Disclosure | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Information Disclosure | 5037768 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Information Disclosure | 5037770 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Information Disclosure | 5037770 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Information Disclosure | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Information Disclosure | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Information Disclosure | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Information Disclosure | 5037771 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Information Disclosure | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Information Disclosure | 5037765 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Information Disclosure | 5037782 5037848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Information Disclosure | 5037782 5037848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Information Disclosure | 5037781 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30096 | Brandon Zhang and Mohsen Mohammadi with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30097
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. How could an attacker exploit this vulnerability? An attacker could exploit a double free vulnerability within the OS SAPI component to cause a denial of service or execute arbitrary code, compromising system integrity and availability. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an authenticated client to click a link in order in for an unauthenticated attacker to obtain remote code execution. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30097 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Remote Code Execution | 5037788 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Remote Code Execution | 5037788 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Remote Code Execution | 5037768 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Remote Code Execution | 5037770 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Remote Code Execution | 5037770 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Remote Code Execution | 5037771 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Remote Code Execution | 5037763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Remote Code Execution | 5037765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Remote Code Execution | 5037782 5037848 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Remote Code Execution | 5037781 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30097 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30099
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.3
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30099 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 for x64-based Systems | 5039225 (Security Update) | Important | Elevation of Privilege | 5037788 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.10240.20680 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2016 | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2016 (Server Core installation) | 5039214 (Security Update) | Important | Elevation of Privilege | 5037763 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.14393.7070 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2022 | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022 (Server Core installation) | 5039227 (Security Update) 5039330 (Security Hotpatch Update) |
Important | Elevation of Privilege | 5037782 5037848 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.20348.2527 10.0.20348.2522 |
Yes | 5039227 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5039236 (Security Update) | Important | Elevation of Privilege | 5037781 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
10.0.25398.950 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-30099 | George Hughey with MSRC Vulnerabilities and Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30100
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30100 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002604 (Security Update) | Important | Remote Code Execution | 5002598 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5452.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002602 (Security Update) | Important | Remote Code Execution | 5002596 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10411.20004 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002603 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.17328.20362 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30100 | cjM00n & Edwardzpeng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30101
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Successful exploitation of this vulnerability requires a user to open a malicious email with an affected version of Microsoft Outlook and then perform specific actions to trigger the vulnerability. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Is the Preview Pane an attack vector for this vulnerability? Yes. The Preview Pane is an attack vector, but additional user interaction is required. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30101 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2016 (32-bit edition) | 5002591 (Security Update) 5002575 (Security Update) |
Important | Remote Code Execution | 5002537 5002467 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5452.1000 | Maybe | None |
Microsoft Office 2016 (64-bit edition) | 5002591 (Security Update) 5002575 (Security Update) |
Important | Remote Code Execution | 5002537 5002467 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5452.1000 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2024-30101 | 849db8e253fb723f1bb056416bce0922 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30102
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30102 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2024-30102 | Quan Jin with DBAPPSecurity WeBin Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30103
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated using valid Exchange user credentials. How could an attacker exploit this vulnerability? An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30103 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Outlook 2016 (32-bit edition) | 5002600 (Security Update) | Important | Remote Code Execution | 5002543 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5452.1000 | Maybe | None |
Microsoft Outlook 2016 (64-bit edition) | 5002600 (Security Update) | Important | Remote Code Execution | 5002543 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5452.1000 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30103 | Shmuel Uzan with Morphisec Michael Gorelik with Morphisec |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30104
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30104 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2016 (32-bit edition) | 5002591 (Security Update) 5002575 (Security Update) |
Important | Remote Code Execution | 5002537 5002467 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5452.1000 | Maybe | None |
Microsoft Office 2016 (64-bit edition) | 5002591 (Security Update) 5002575 (Security Update) |
Important | Remote Code Execution | 5002537 5002467 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5452.1000 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2024-30104 | Luke Papandrea, Microsoft Corporation |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-35248
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability? While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack. What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would gain the rights of the user that is running the affected application. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-35248 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Dynamics 365 Business Central 2023 Release Wave 1 | 5038529 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Application Build 22.13.64344, Platform Build 22.0 | Maybe | None |
Microsoft Dynamics 365 Business Central 2023 Release Wave 2 | 5038530 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Application Build 23.7.18957, Platform Build 23.0. | Maybe | None |
Microsoft Dynamics 365 Business Central 2024 Release Wave 1 | 5038531 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Application Build 24.1.19498, Platform Build 24.0. | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-35248 | Dr. Florian Hauser @frycos with CODE WHITE GmbH |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-35249
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-35249 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Dynamics 365 Business Central 2023 Release Wave 1 | 5038529 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Application Build 22.13.64344, Platform Build 22.0 | Maybe | None |
Microsoft Dynamics 365 Business Central 2023 Release Wave 2 | 5038530 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Application Build 23.7.18957, Platform Build 23.0. | Maybe | None |
Microsoft Dynamics 365 Business Central 2024 Release Wave 1 | 5038531 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Application Build 24.1.19498, Platform Build 24.0. | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-35249 | Dr. Florian Hauser @frycos with CODE WHITE GmbH |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-35252
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Storage Movement Client Library Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-35252 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Storage Movement Client Library for .NET | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
2.0.5 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-35252 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-35253
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Azure File Sync Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.4/TemporalScore:4.2
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. What privileges could be gained by an attacker who successfully exploited the vulnerability? Exploiting this vulnerability would allow the attacker to perform arbitrary deletion of files that are not accessible to unprivileged users on the victim machine. According to the CVSS metric, user interaction is Required (UI:R). What does that mean for this vulnerability? The successful exploitation of this vulnerability requires a user with administrator privileges to perform specific operations on the endpoint targeted by the attacker. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-35253 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure File Sync v16.0 | 5039814 (Security Update) | Important | Elevation of Privilege | None | Base: 4.4 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:H/RL:O/RC:C |
17.3 | Maybe | None |
Azure File Sync v17.0 | 5039814 (Security Update) | Important | Elevation of Privilege | None | Base: 4.4 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:H/RL:O/RC:C |
17.3 | Maybe | None |
Azure File Sync v18.0 | 5023058 (Security Update) | Important | Elevation of Privilege | None | Base: 4.4 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:H/RL:O/RC:C |
18.1 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-35253 | 3wyeye5 with OSR Fangming Gu with OSR chino71 with OSR |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-35254
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Monitor Agent Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None FAQ: What actions do customers need to take to protect themselves from this vulnerability? Customers who have disabled Automatic Extension Upgrades or would like to upgrade an extension immediately must manually update their Azure Monitor Agent to the latest version. For more information on how to perform a manual update, see Manage Azure Monitor Agent. How could an attacker exploit this vulnerability and what privileges could an attacker gain? An authenticated attacker with read access permissions can exploit this vulnerability to perform arbitrary file and folder deletion on the host where the Azure Monitor Agent is installed. According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-35254 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Monitor Agent | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
1.26.0 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-35254 | R4nger & Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-35263
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.7/TemporalScore:5.0
Executive Summary: None FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. What type of information could be disclosed by this vulnerability? This vulnerability allows exfiltration of all the data that the logged-in user can access. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-35263 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Dynamics 365 (on-premises) version 9.1 | 5039459 (Security Update) | Important | Information Disclosure | None | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
1.29 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-35263 | Erik Donker |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-35265
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Perception Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could create or delete files in the security context of the “NT AUTHORITY\ LOCAL SERVICE” account. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, privileges required is Low (PR:L). What does that mean for this vulnerability? To exploit this vulnerability an attacker must have an account with the User role assigned. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-35265 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 21H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 10 Version 22H2 for x64-based Systems | 5039211 (Security Update) | Important | Elevation of Privilege | 5037768 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.4529 |
Yes | 5039211 |
Windows 11 version 21H2 for ARM64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 version 21H2 for x64-based Systems | 5039213 (Security Update) | Important | Elevation of Privilege | 5037770 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3019 |
Yes | 5039213 |
Windows 11 Version 22H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3737 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5039212 (Security Update) | Important | Elevation of Privilege | 5037771 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3737 | Yes | None |
Windows Server 2019 | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
Windows Server 2019 (Server Core installation) | 5039217 (Security Update) | Important | Elevation of Privilege | 5037765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5936 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-35265 | goodbyeselene |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-37325
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.3
Executive Summary: None FAQ: What actions do customers need to take to protect themselves from this vulnerability? Only customers using Linux/Ubuntu Data Science Virtual Machines (DSVM) with versions prior to 24.05.24 may be affected. For guidance on how to update your resources, reference the following: Upgrade your Data Science Virtual Machine to Ubuntu 20.04. Customers who deploy DSVMs using CLI or scripts may also need to update the DSVM version specified in their deployment parameters. How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted request to the target machine to gain access to credentials of authorized users. This could enable an attacker to impersonate the user and perform any operations the compromised user is permitted to perform. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain the privileges of the compromised user. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37325 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Data Science Virtual Machines for Linux | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
24.05.24 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-37325 | Yanir Tsarimi |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-30052
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    11-Jun-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30052 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
15.9.63 | Maybe | None |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
16.11.37 | Maybe | None |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
17.10.2 | Maybe | None |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
17.4.20 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
17.6.16 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
17.8.11 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-30052 | goodbyeselene |