This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | .NET and Visual Studio | CVE-2024-38229 | .NET and Visual Studio Remote Code Execution Vulnerability |
Microsoft | .NET and Visual Studio | CVE-2024-43485 | .NET and Visual Studio Denial of Service Vulnerability |
Microsoft | .NET, .NET Framework, Visual Studio | CVE-2024-43484 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
Microsoft | .NET, .NET Framework, Visual Studio | CVE-2024-43483 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
Microsoft | Azure CLI | CVE-2024-43591 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability |
Microsoft | Azure Monitor | CVE-2024-38097 | Azure Monitor Agent Elevation of Privilege Vulnerability |
Microsoft | Azure Stack | CVE-2024-38179 | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability |
Microsoft | BranchCache | CVE-2024-43506 | BranchCache Denial of Service Vulnerability |
Microsoft | BranchCache | CVE-2024-38149 | BranchCache Denial of Service Vulnerability |
Microsoft | Code Integrity Guard | CVE-2024-43585 | Code Integrity Guard Security Feature Bypass Vulnerability |
Microsoft | DeepSpeed | CVE-2024-43497 | DeepSpeed Remote Code Execution Vulnerability |
Microsoft | Internet Small Computer Systems Interface (iSCSI) | CVE-2024-43515 | Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability |
Microsoft | Microsoft ActiveX | CVE-2024-43517 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability |
Microsoft | Microsoft Configuration Manager | CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability |
Microsoft | Microsoft Defender for Endpoint | CVE-2024-43614 | Microsoft Defender for Endpoint for Linux Spoofing Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-9369 | Chromium: CVE-2024-9369 Insufficient data validation in Mojo |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-9370 | Chromium: CVE-2024-9370 Inappropriate implementation in V8 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-7025 | Chromium: CVE-2024-7025 Integer overflow in Layout |
Microsoft | Microsoft Graphics Component | CVE-2024-43534 | Windows Graphics Component Information Disclosure Vulnerability |
Microsoft | Microsoft Graphics Component | CVE-2024-43508 | Windows Graphics Component Information Disclosure Vulnerability |
Microsoft | Microsoft Graphics Component | CVE-2024-43556 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft | Microsoft Graphics Component | CVE-2024-43509 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft | Microsoft Management Console | CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability |
Microsoft | Microsoft Office | CVE-2024-43616 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft | Microsoft Office | CVE-2024-43576 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft | Microsoft Office | CVE-2024-43609 | Microsoft Office Spoofing Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2024-43504 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-43503 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office Visio | CVE-2024-43505 | Microsoft Office Visio Remote Code Execution Vulnerability |
Microsoft | Microsoft Simple Certificate Enrollment Protocol | CVE-2024-43544 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability |
Microsoft | Microsoft Simple Certificate Enrollment Protocol | CVE-2024-43541 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability |
Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-43519 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Windows Speech | CVE-2024-43574 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability |
Microsoft | OpenSSH for Windows | CVE-2024-43615 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability |
Microsoft | OpenSSH for Windows | CVE-2024-43581 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability |
Microsoft | OpenSSH for Windows | CVE-2024-38029 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability |
Microsoft | Outlook for Android | CVE-2024-43604 | Outlook for Android Elevation of Privilege Vulnerability |
Microsoft | Power BI | CVE-2024-43612 | Power BI Report Server Spoofing Vulnerability |
Microsoft | Power BI | CVE-2024-43481 | Power BI Report Server Spoofing Vulnerability |
Microsoft | Remote Desktop Client | CVE-2024-43533 | Remote Desktop Client Remote Code Execution Vulnerability |
Microsoft | Remote Desktop Client | CVE-2024-43599 | Remote Desktop Client Remote Code Execution Vulnerability |
Microsoft | Role: Windows Hyper-V | CVE-2024-43521 | Windows Hyper-V Denial of Service Vulnerability |
Microsoft | Role: Windows Hyper-V | CVE-2024-20659 | Windows Hyper-V Security Feature Bypass Vulnerability |
Microsoft | Role: Windows Hyper-V | CVE-2024-43567 | Windows Hyper-V Denial of Service Vulnerability |
Microsoft | Role: Windows Hyper-V | CVE-2024-43575 | Windows Hyper-V Denial of Service Vulnerability |
Microsoft | RPC Endpoint Mapper Service | CVE-2024-43532 | Remote Registry Service Elevation of Privilege Vulnerability |
Microsoft | Service Fabric | CVE-2024-43480 | Azure Service Fabric for Linux Remote Code Execution Vulnerability |
Microsoft | Sudo for Windows | CVE-2024-43571 | Sudo for Windows Spoofing Vulnerability |
Microsoft | Visual C++ Redistributable Installer | CVE-2024-43590 | Visual C++ Redistributable Installer Elevation of Privilege Vulnerability |
Microsoft | Visual Studio | CVE-2024-43603 | Visual Studio Collector Service Denial of Service Vulnerability |
Microsoft | Visual Studio Code | CVE-2024-43488 | Visual Studio Code extension for Arduino Remote Code Execution Vulnerability |
Microsoft | Visual Studio Code | CVE-2024-43601 | Visual Studio Code for Linux Remote Code Execution Vulnerability |
Microsoft | Windows Ancillary Function Driver for WinSock | CVE-2024-43563 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
Microsoft | Windows BitLocker | CVE-2024-43513 | BitLocker Security Feature Bypass Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2024-43501 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Cryptographic Services | CVE-2024-43546 | Windows Cryptographic Information Disclosure Vulnerability |
Hackerone | Windows cURL Implementation | CVE-2024-6197 | Open Source Curl Remote Code Execution Vulnerability |
Microsoft | Windows EFI Partition | CVE-2024-37982 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability |
Microsoft | Windows EFI Partition | CVE-2024-37976 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability |
Microsoft | Windows EFI Partition | CVE-2024-37983 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability |
Microsoft | Windows Hyper-V | CVE-2024-30092 | Windows Hyper-V Remote Code Execution Vulnerability |
Microsoft | Windows Kerberos | CVE-2024-43547 | Windows Kerberos Information Disclosure Vulnerability |
Microsoft | Windows Kerberos | CVE-2024-38129 | Windows Kerberos Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2024-43502 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2024-43511 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2024-43520 | Windows Kernel Denial of Service Vulnerability |
Microsoft | Windows Kernel | CVE-2024-43527 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2024-43570 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2024-37979 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel-Mode Drivers | CVE-2024-43554 | Windows Kernel-Mode Driver Information Disclosure Vulnerability |
Microsoft | Windows Kernel-Mode Drivers | CVE-2024-43535 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Local Security Authority (LSA) | CVE-2024-43522 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43555 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43540 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43536 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43538 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43525 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43559 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43561 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43558 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43542 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43557 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43526 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43543 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43523 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43524 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Microsoft | Windows Mobile Broadband | CVE-2024-43537 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
Microsoft | Windows MSHTML Platform | CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability |
Microsoft | Windows Netlogon | CVE-2024-38124 | Windows Netlogon Elevation of Privilege Vulnerability |
Microsoft | Windows Network Address Translation (NAT) | CVE-2024-43562 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
Microsoft | Windows Network Address Translation (NAT) | CVE-2024-43565 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
Microsoft | Windows NT OS Kernel | CVE-2024-43553 | NT OS Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows NTFS | CVE-2024-43514 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
Microsoft | Windows Online Certificate Status Protocol (OCSP) | CVE-2024-43545 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
Microsoft | Windows Print Spooler Components | CVE-2024-43529 | Windows Print Spooler Elevation of Privilege Vulnerability |
Microsoft | Windows Remote Desktop | CVE-2024-43582 | Remote Desktop Protocol Server Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-38262 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2024-43456 | Windows Remote Desktop Services Tampering Vulnerability |
Microsoft | Windows Resilient File System (ReFS) | CVE-2024-43500 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-43592 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-43589 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-38212 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-43593 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-38261 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-43611 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-43453 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-38265 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-43607 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-43549 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-43608 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-43564 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Microsoft | Windows Scripting | CVE-2024-43584 | Windows Scripting Engine Security Feature Bypass Vulnerability |
Microsoft | Windows Secure Channel | CVE-2024-43550 | Windows Secure Channel Spoofing Vulnerability |
Microsoft | Windows Secure Kernel Mode | CVE-2024-43516 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
Microsoft | Windows Secure Kernel Mode | CVE-2024-43528 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
Microsoft | Windows Shell | CVE-2024-43552 | Windows Shell Remote Code Execution Vulnerability |
Microsoft | Windows Standards-Based Storage Management Service | CVE-2024-43512 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
Microsoft | Windows Storage | CVE-2024-43551 | Windows Storage Elevation of Privilege Vulnerability |
Microsoft | Windows Storage Port Driver | CVE-2024-43560 | Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Telephony Server | CVE-2024-43518 | Windows Telephony Server Remote Code Execution Vulnerability |
Microsoft | Winlogon | CVE-2024-43583 | Winlogon Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-38097
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Monitor Agent Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N), but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability? Exploitation of this vulnerability does not disclose any confidential information but allows an attacker to modify or delete files containing data which could cause the service to become unavailable. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the NT AUTHORITY\SYSTEM account. What actions do customers need to take to protect themselves from this vulnerability? Customers who have disabled Automatic Extension Upgrades or would like to upgrade an extension immediately must manually update their Azure Monitor Agent to the latest version. For more information on how to perform a manual update, see Manage Azure Monitor Agent. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38097 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Monitor Agent | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
1.30.0 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-38097 | @sim0nsecurity Filip Dragović BochengXiang(@Crispr) with FDU R4nger & Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43516
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43516 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | 5043083 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | 5043083 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | 5043051 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | 5043051 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | 5043050 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | 5043050 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | 5043067 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | 5043067 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | 5043076 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | 5043076 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | 5043076 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | 5043076 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | 5043080 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | 5043080 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | 5043051 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | 5043051 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | 5043050 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | 5043050 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | 5042881 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | 5042881 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | 5043055 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1189 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43516 | Microsoft Offensive Research & Security Engineering (MORSE) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-38179
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? Successful exploitation of this vulnerability could allow an attacker to perform operations in the victim's hybrid cloud environment with the same privileges as the compromised managed identity. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain the privileges of the compromised managed identity. How could an attacker exploit this vulnerability? An attacker with basic user privileges could compromise an unencrypted service principal for a managed identity and perform service management operations on other resources in the hybrid environment the managed identity is permitted to manage. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38179 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Stack HCI 22H2 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
20349.2762 | Maybe | None |
Azure Stack HCI 23H2 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
25398.1189 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-38179 | Barry Markey with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-38261
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38261 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | 5043135 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | 5043135 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | 5043135 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | 5043135 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | 5043129 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27366 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | 5043129 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27366 | Yes | None |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | 5043125 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25118 | Yes | None |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | 5043125 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25118 | Yes | None |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | 5043138 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | 5043138 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | 5043051 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | 5043051 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | 5042881 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | 5042881 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | 5043055 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1189 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-38261 | Nirmala Nawale with Microsoft Dan Reynolds with MSRC Vulnerabilities & Mitigations Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43480
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Service Fabric for Linux Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? An attacker is required to compromise the credential of a victim who has been assigned the role of “Cluster Admin” or “Cluster Operator” by an administrator prior to attempting to exploit the vulnerability. According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. Only users with roles “Cluster Admin” and “Cluster Operator” can access this. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43480 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Service Fabric 10.0 for Linux | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.2345.1 | Maybe | None |
Azure Service Fabric 10.1 for Linux | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.1.2308.1 | Maybe | None |
Azure Service Fabric 9.1 for Linux | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.1.2498.1 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-43480 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43481
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Power BI Report Server Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43481 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Power BI Report Server - May 2024 | XXXXXXX (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
15.0.1116.121 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-43481 | Omar Alatwi |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-38229
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET and Visual Studio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38229 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 8.0 installed on Linux | 5045993 (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.10 | Maybe | None |
.NET 8.0 installed on Mac OS | 5045993 (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.10 | Maybe | None |
.NET 8.0 installed on Windows | 5045993 (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.10 | Maybe | None |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.8 | Maybe | None |
Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.11.5 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.20 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.15 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-38229 | Brennan Conroy of Microsoft Corporation |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43502
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), have no effect on integrity (I:N) and have a high impact on availability (A:H). What does that mean for this vulnerability? This vulnerability could allow an attacker to disclose confidential information or make the service unavailable but does not allow the attacker to modify any data. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43502 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | 5043050 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | 5043050 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | 5043050 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | 5043050 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43502 | Florian Schweins |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43503
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43503 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002645 (Security Update) | Important | Elevation of Privilege | 5002624 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5469.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002647 (Security Update) | Important | Elevation of Privilege | 5002639 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10415.20001 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002649 (Security Update) | Important | Elevation of Privilege | 5002640 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.17928.20162 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-43503 | zcgonvh |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43504
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43504 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Excel 2016 (32-bit edition) | 5002643 (Security Update) | Important | Remote Code Execution | 5002605 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5469.1000 | Maybe | None |
Microsoft Excel 2016 (64-bit edition) | 5002643 (Security Update) | Important | Remote Code Execution | 5002605 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5469.1000 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2024-43504 | Haifei Li with Check Point Research |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43505
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43505 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2024-43505 | Luke Papandrea, Microsoft Corporation |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43506
MITRE NVD Issuing CNA: Microsoft |
CVE Title: BranchCache Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43506 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Denial of Service | 5043083 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Denial of Service | 5043083 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Denial of Service | 5043051 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Denial of Service | 5043051 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | 5043050 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | 5043050 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | 5043064 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | 5043064 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | 5043064 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | 5043064 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | 5043064 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | 5043064 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | 5043067 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | 5043067 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | 5043076 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | 5043076 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | 5043076 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | 5043076 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | 5043080 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | 5043080 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | 5043129 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27366 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | 5043129 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27366 | Yes | None |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Denial of Service | 5043125 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25118 | Yes | None |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Denial of Service | 5043125 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25118 | Yes | None |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Denial of Service | 5043138 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Denial of Service | 5043138 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | 5043051 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | 5043051 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | 5043050 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | 5043050 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | 5042881 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | 5042881 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | 5043055 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1189 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43506 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43508
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Graphics Component Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43508 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | 5043076 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | 5043076 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | 5043076 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | 5043076 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | 5043080 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | 5043080 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Information Disclosure | 5043055 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1189 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43508 | Cristi Dudescu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43513
MITRE NVD Issuing CNA: Microsoft |
CVE Title: BitLocker Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.4/TemporalScore:5.6
Executive Summary: None FAQ: Is there a prerequisite for installing the security update? Yes. For Windows Server 2012 R2 only, to apply this update, you must have KB2919355 installed. Are there additional steps that I need to take to be protected from this vulnerability? Depending on the version of Windows you are running, you may need to take additional steps to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. For the latest version of Windows the process of updating WinRE is now fully automated. The following versions of Windows require no additional steps as WinRE will be updated as a part of the Latest Cumulative Update if you are getting updates from Windows Update and WSUS.:
For the following versions of Windows, the Windows Recovery Environment updates listed are available. These updates automatically apply the latest Safe OS Dynamic Update to WinRE from the running Windows OS:
As an alternative to updates provided in the preceding list or if your version of Windows is not listed in the list, you can download the latest Windows Safe OS Dynamic Update from the Microsoft Update Catalog. You can then apply the WinRE update. See Add an update package to Windows RE. To automate your installation Microsoft has developed a sample script that can help with updating WinRE from the running Windows OS. Please see KB5034957: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2024-20666 for more information. How do I check whether WinRE has successfully updated? Use DISM /Get-Packages on a mounted WinRE image to ensure latest Safe OS Dynamic Update package is present. For more information, see Check the WinRE image version. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to physically access the target device. To gain access, an attacker must acquire the device after being unlocked by a legitimate user (target of opportunity) or possess the ability to pass device authentication or password protection mechanisms. Are there additional steps that I need to take to be protected from this vulnerability? Yes. You must apply the applicable Windows security update to your Windows Recovery Environment (WinRE). For more information about how to apply the WinRE update, see Add an update package to Windows RE. IMPORTANT: End users and enterprises who are updating Windows devices which are already deployed in their environment can instead use the latest Windows Safe OS Dynamic Updates to update WinRE when the partition is too small to install the full Windows update. You can download the latest Windows Safe OS Dynamic Update from the Microsoft Update Catalog. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43513 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Security Feature Bypass | 5043083 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Security Feature Bypass | 5043083 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Security Feature Bypass | 5043051 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Security Feature Bypass | 5043051 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Security Feature Bypass | 5043050 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Security Feature Bypass | 5043050 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Security Feature Bypass | 5043064 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | 5043064 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | 5043064 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Security Feature Bypass | 5043064 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | 5043064 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | 5043064 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | 5043067 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | 5043067 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | 5043076 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | 5043076 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | 5043076 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | 5043076 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | 5043080 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | 5043080 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Security Feature Bypass | 5043138 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Security Feature Bypass | 5043138 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2016 | 5044293 (Security Update) | Important | Security Feature Bypass | 5043051 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Security Feature Bypass | 5043051 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2019 | 5044277 (Security Update) | Important | Security Feature Bypass | 5043050 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Security Feature Bypass | 5043050 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2022 | 5044281 (Security Update) | Important | Security Feature Bypass | 5042881 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Security Feature Bypass | 5042881 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Security Feature Bypass | 5043055 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1189 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43513 | Maxim Suhanov with CICADA8 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43515
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43515 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Denial of Service | 5043083 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Denial of Service | 5043083 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Denial of Service | 5043051 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Denial of Service | 5043051 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | 5043050 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | 5043050 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | 5043064 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | 5043064 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | 5043064 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | 5043064 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | 5043064 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | 5043064 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | 5043067 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | 5043067 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | 5043076 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | 5043076 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | 5043076 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | 5043076 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | 5043080 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | 5043080 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | 5043135 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | 5043135 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | 5043135 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | 5043135 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | 5043129 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27366 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | 5043129 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27366 | Yes | None |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Denial of Service | 5043125 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25118 | Yes | None |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Denial of Service | 5043125 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25118 | Yes | None |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Denial of Service | 5043138 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Denial of Service | 5043138 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | 5043051 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | 5043051 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | 5043050 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | 5043050 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | 5042881 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | 5042881 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | 5043055 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1189 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43515 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43518
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by remotely managing another machine's Telephony server using the tapisnap.dll tool. This could result in a heap-based buffer out-of-bounds write due to malicious data returned by the Telephony server's RPC interface. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43518 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Remote Code Execution | 5043083 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Remote Code Execution | 5043083 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Remote Code Execution | 5043051 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Remote Code Execution | 5043051 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | 5043067 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | 5043067 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | 5043080 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | 5043080 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | 5043135 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | 5043135 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | 5043135 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | 5043135 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | 5043129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27366 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | 5043129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27366 | Yes | None |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | 5043125 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25118 | Yes | None |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | 5043125 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25118 | Yes | None |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | 5043138 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | 5043138 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | 5043051 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | 5043051 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | 5042881 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | 5042881 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | 5043055 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1189 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43518 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43519
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable). Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43519 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Remote Code Execution | 5043083 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Remote Code Execution | 5043083 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Remote Code Execution | 5043051 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Remote Code Execution | 5043051 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | 5043067 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | 5043067 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | 5043080 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | 5043080 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | 5043135 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | 5043135 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | 5043135 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | 5043135 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | 5043129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27366 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | 5043129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27366 | Yes | None |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | 5043125 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25118 | Yes | None |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | 5043125 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25118 | Yes | None |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | 5043138 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | 5043138 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | 5043051 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | 5043051 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | 5042881 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | 5042881 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | 5043055 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1189 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43519 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43525
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43525 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | 5043067 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | 5043067 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | 5043080 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | 5043080 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | 5043055 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1189 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43525 | Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43526
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43526 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | 5043064 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | 5043067 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | 5043067 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | 5043076 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | 5043080 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | 5043080 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | 5043050 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | 5043055 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1189 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43526 | Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43527
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43527 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | 5043080 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | 5043080 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
CVE ID | Acknowledgements |
CVE-2024-43527 | Microsoft Offensive Research & Security Engineering (MORSE) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43529
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user with low privileges would need to initiate an RPC call to the print spooler which runs as SYSTEM. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43529 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | 5043067 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | 5043067 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | 5043076 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | 5043076 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | 5043076 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | 5043076 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | 5043080 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | 5043080 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | 5042881 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | 5042881 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | 5043055 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1189 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43529 | floesen |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-43532
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Registry Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host. This could result in elevation of privilege on the server. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    08-Oct-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43532 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | 5043083 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | 5043083 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20796 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | 5043051 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | 5043051 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | 5043050 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | 5043050 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | 5043064 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5011 |
Yes | 5044273 |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | 5043067 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | 5043067 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3260 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | 5043076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | 5043076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4317 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | 5043076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | 5043076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4317 | Yes | None |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | 5043080 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | 5043080 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2033 |
Yes | 5044284 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | 5043135 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | 5043135 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | 5043135 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | 5043135 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22918 |
Yes | 5044320 5044306 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | 5043129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27366 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | 5043129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27366 | Yes | None |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | 5043125 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25118 | Yes | None |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | 5043125 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25118 | Yes | None |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | 5043138 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | 5043138 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22221 | Yes | None |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | 5043051 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | 5043051 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7428 | Yes | None |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | 5043050 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | 5043050 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6414 | Yes | None |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | 5042881 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | 5042881 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348..2762 |
Yes | 5044281 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | 5043055 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1189 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-43532 | Stiv Kupchik with Akamai |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | |||||||||||||||||||||
CVE-2024-43533
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
|