This report contains detail for the following vulnerabilities:
| CVE Issued by | Tag | CVE ID | CVE Title |
|---|---|---|---|
| Microsoft | .NET | CVE-2024-21386 | .NET Denial of Service Vulnerability |
| Microsoft | .NET | CVE-2024-21404 | .NET Denial of Service Vulnerability |
| Microsoft | Azure Active Directory | CVE-2024-21401 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability |
| Microsoft | Azure Active Directory | CVE-2024-21381 | Microsoft Azure Active Directory B2C Spoofing Vulnerability |
| Microsoft | Azure Connected Machine Agent | CVE-2024-21329 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| Microsoft | Azure DevOps | CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability |
| Microsoft | Azure File Sync | CVE-2024-21397 | Microsoft Azure File Sync Elevation of Privilege Vulnerability |
| Microsoft | Azure Site Recovery | CVE-2024-21364 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability |
| Microsoft | Azure Stack | CVE-2024-20679 | Azure Stack Hub Spoofing Vulnerability |
| Microsoft | Internet Shortcut Files | CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability |
| security-advisories@github.com | Mariner | CVE-2024-21626 | Unknown |
| Microsoft | Microsoft ActiveX | CVE-2024-21349 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability |
| Microsoft | Microsoft Azure Kubernetes Service | CVE-2024-21403 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Azure Kubernetes Service | CVE-2024-21376 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability |
| Microsoft | Microsoft Defender for Endpoint | CVE-2024-21315 | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Dynamics | CVE-2024-21393 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| Microsoft | Microsoft Dynamics | CVE-2024-21389 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| Microsoft | Microsoft Dynamics | CVE-2024-21395 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| Microsoft | Microsoft Dynamics | CVE-2024-21380 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability |
| Microsoft | Microsoft Dynamics | CVE-2024-21328 | Dynamics 365 Sales Spoofing Vulnerability |
| Microsoft | Microsoft Dynamics | CVE-2024-21394 | Dynamics 365 Field Service Spoofing Vulnerability |
| Microsoft | Microsoft Dynamics | CVE-2024-21396 | Dynamics 365 Sales Spoofing Vulnerability |
| Microsoft | Microsoft Dynamics | CVE-2024-21327 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-1284 | Chromium: CVE-2024-1284 Use after free in Mojo |
| Microsoft | Microsoft Edge (Chromium-based) | CVE-2024-21399 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-1060 | Chromium: CVE-2024-1060 Use after free in Canvas |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-1077 | Chromium: CVE-2024-1077 Use after free in Network |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-1283 | Chromium: CVE-2024-1283 Heap buffer overflow in Skia |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-1059 | Chromium: CVE-2024-1059 Use after free in WebRTC |
| Microsoft | Microsoft Exchange Server | CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Office | CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office | CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office OneNote | CVE-2024-21384 | Microsoft Office OneNote Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Outlook | CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Outlook | CVE-2024-21402 | Microsoft Outlook Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Office Word | CVE-2024-21379 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft | Microsoft Teams for Android | CVE-2024-21374 | Microsoft Teams for Android Information Disclosure |
| Microsoft | Microsoft WDAC ODBC Driver | CVE-2024-21353 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21370 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21350 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21368 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21359 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21365 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21367 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21420 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21366 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21369 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21375 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21361 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21358 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21391 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21360 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21352 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft Windows | CVE-2024-21406 | Windows Printing Service Spoofing Vulnerability |
| Microsoft | Microsoft Windows DNS | CVE-2024-21377 | Windows DNS Information Disclosure Vulnerability |
| MITRE | Role: DNS Server | CVE-2023-50387 | MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers |
| Microsoft | Role: DNS Server | CVE-2024-21342 | Windows DNS Client Denial of Service Vulnerability |
| Microsoft | Skype for Business | CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability |
| Microsoft | SQL Server | CVE-2024-21347 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
| Microsoft | Trusted Compute Base | CVE-2024-21304 | Trusted Compute Base Elevation of Privilege Vulnerability |
| Microsoft | Windows Hyper-V | CVE-2024-20684 | Windows Hyper-V Denial of Service Vulnerability |
| Microsoft | Windows Internet Connection Sharing (ICS) | CVE-2024-21343 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| Microsoft | Windows Internet Connection Sharing (ICS) | CVE-2024-21348 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| Microsoft | Windows Internet Connection Sharing (ICS) | CVE-2024-21357 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| Microsoft | Windows Internet Connection Sharing (ICS) | CVE-2024-21344 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| Microsoft | Windows Kernel | CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft | Windows Kernel | CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft | Windows Kernel | CVE-2024-21341 | Windows Kernel Remote Code Execution Vulnerability |
| Microsoft | Windows Kernel | CVE-2024-21345 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft | Windows Kernel | CVE-2024-21362 | Windows Kernel Security Feature Bypass Vulnerability |
| Microsoft | Windows Kernel | CVE-2024-21340 | Windows Kernel Information Disclosure Vulnerability |
| Microsoft | Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-21356 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2024-21363 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2024-21355 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2024-21405 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2024-21354 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
| Microsoft | Windows OLE | CVE-2024-21372 | Windows OLE Remote Code Execution Vulnerability |
| Microsoft | Windows SmartScreen | CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability |
| Microsoft | Windows USB Serial Driver | CVE-2024-21339 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability |
| Microsoft | Windows Win32K - ICOMP | CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
| CVE-2024-1283
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-1283 Heap buffer overflow in Skia
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 08-Feb-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-1283 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
121.0.2277.113 | No | None |
| Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
120.0.2210.175 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-1283 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
| CVE-2024-1284
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-1284 Use after free in Mojo
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 08-Feb-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-1284 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
121.0.2277.113 | No | None |
| Microsoft Edge (Chromium-based) Extended Stable | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
120.0.2210.175 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-1284 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-20667
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure DevOps Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N), attack complexity is high (AC:H), and privilege required is low (PR:L). What is the target used in the context of the remote code execution? Successful exploitation of this vulnerability requires the attacker to have Queue Build permissions and for the target Azure DevOps pipeline to meet certain conditions for an attacker to exploit this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20667 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure DevOps Server 2019.1.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
20240126.6 | Maybe | None |
| Azure DevOps Server 2020.1.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
20240126.2 | Maybe | None |
| Azure DevOps Server 2022.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
20240126.4 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-20667 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-50387
MITRE NVD Issuing CNA: MITRE |
CVE Title: MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2023-50387 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Denial of Service | 5034169 |
Base: N/A Temporal: N/A Vector: N/A |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Denial of Service | 5034169 |
Base: N/A Temporal: N/A Vector: N/A |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Denial of Service | 5034184 | Base: N/A Temporal: N/A Vector: N/A |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Denial of Service | 5034184 | Base: N/A Temporal: N/A Vector: N/A |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Denial of Service | 5034171 | Base: N/A Temporal: N/A Vector: N/A |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Denial of Service | 5034171 | Base: N/A Temporal: N/A Vector: N/A |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: N/A Temporal: N/A Vector: N/A |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: N/A Temporal: N/A Vector: N/A |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Denial of Service | 5034129 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Denial of Service | 5034129 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Denial of Service | 5034130 | Base: N/A Temporal: N/A Vector: N/A |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2023-50387 | Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner from the German National Research Center for Applied Cybersecurity ATHENE |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21327
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to navigate to a page with malicious content to be compromised by the attacker. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21327 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Dynamics 365 Customer Engagement V9.1 | 5035110 (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
TBD | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21327 | Dhiral Patel |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21329
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? A non-admin local user who has sufficient permissions to create symbolic links on a Windows computer that has Azure Connected Machine Agent installed (or before the agent is installed) could create links from a directory used by the agent to other privileged files on the computer. If the administrator later installs virtual machine extensions on the machine, those files could be deleted. What privileges could an attacker gain with successful exploitation? An attacker who successfully exploited the vulnerability could add symlinks and cause an arbitrary file delete as SYSTEM. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21329 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Connected Machine Agent | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.38 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21329 | R4nger & Zhiniang Peng |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21338
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21338 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Elevation of Privilege | 5034129 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Elevation of Privilege | 5034129 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Elevation of Privilege | 5034130 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21338 | Jan Vojtěšek with Avast |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21340
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.6/TemporalScore:4.0
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21340 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Information Disclosure | 5034134 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Information Disclosure | 5034134 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Information Disclosure | 5034119 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Information Disclosure | 5034119 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Information Disclosure | 5034127 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Information Disclosure | 5034127 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Information Disclosure | 5034127 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Information Disclosure | 5034122 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Information Disclosure | 5034122 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Information Disclosure | 5034122 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Information Disclosure | 5034122 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Information Disclosure | 5034122 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Information Disclosure | 5034122 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Information Disclosure | 5034121 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Information Disclosure | 5034121 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Information Disclosure | 5034123 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Information Disclosure | 5034123 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Information Disclosure | 5034123 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Information Disclosure | 5034123 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Information Disclosure | 5034173 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Information Disclosure | 5034173 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Information Disclosure | 5034173 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Information Disclosure | 5034173 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Information Disclosure | 5034169 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Information Disclosure | 5034169 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Information Disclosure | 5034184 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Information Disclosure | 5034184 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Information Disclosure | 5034171 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Information Disclosure | 5034171 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Information Disclosure | 5034119 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Information Disclosure | 5034119 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Information Disclosure | 5034127 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Information Disclosure | 5034127 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Information Disclosure | 5034129 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Information Disclosure | 5034129 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Information Disclosure | 5034130 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21340 | Wei in Kunlun Lab with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21349
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. How could an attacker exploit this vulnerability? An attacker would need to set up a malicious server and create a proof-of-concept script. The victim would then need to be convinced, possibly through social engineering techniques, to run this script, which would connect to the malicious server and potentially allow for remote code execution on the victim’s machine. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21349 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21349 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21350
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21350 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21350 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21351
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows SmartScreen Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None FAQ: What is the relationship between Mark of the Web and Windows SmartScreen? When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check. For more information on SmartScreen, please visit Microsoft Defender SmartScreen overview | Microsoft Learn. According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authorized attacker must send the user a malicious file and convince the user to open it. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), a total loss of integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability? The vulnerability allows a malicious actor to inject code into SmartScreen and potentially gain code execution, which could potentially lead to some data exposure, lack of system availability, or both. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Moderate | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21351 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Moderate | Security Feature Bypass | 5034134 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Moderate | Security Feature Bypass | 5034134 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Moderate | Security Feature Bypass | 5034119 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Moderate | Security Feature Bypass | 5034119 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Moderate | Security Feature Bypass | 5034127 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Moderate | Security Feature Bypass | 5034127 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Moderate | Security Feature Bypass | 5034127 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Moderate | Security Feature Bypass | 5034122 |
Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Moderate | Security Feature Bypass | 5034122 |
Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Moderate | Security Feature Bypass | 5034122 |
Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Moderate | Security Feature Bypass | 5034122 |
Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Moderate | Security Feature Bypass | 5034122 |
Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Moderate | Security Feature Bypass | 5034122 |
Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Moderate | Security Feature Bypass | 5034121 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Moderate | Security Feature Bypass | 5034121 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Moderate | Security Feature Bypass | 5034123 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Moderate | Security Feature Bypass | 5034123 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Moderate | Security Feature Bypass | 5034123 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Moderate | Security Feature Bypass | 5034123 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Moderate | Security Feature Bypass | 5034119 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Moderate | Security Feature Bypass | 5034127 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Moderate | Security Feature Bypass | 5034129 |
Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| CVE ID | Acknowledgements |
| CVE-2024-21351 | Eric Lawrence with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21352
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable). Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21352 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21352 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21354
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21354 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Elevation of Privilege | 5034134 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Elevation of Privilege | 5034134 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Elevation of Privilege | 5034173 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Elevation of Privilege | 5034173 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Elevation of Privilege | 5034173 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Elevation of Privilege | 5034173 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Elevation of Privilege | 5034169 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Elevation of Privilege | 5034169 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Elevation of Privilege | 5034184 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Elevation of Privilege | 5034184 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Elevation of Privilege | 5034171 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Elevation of Privilege | 5034171 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Elevation of Privilege | 5034129 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Elevation of Privilege | 5034129 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Elevation of Privilege | 5034130 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21354 | Yuki Chen with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21357
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21357 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Critical | Remote Code Execution | 5034134 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Critical | Remote Code Execution | 5034134 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Critical | Remote Code Execution | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Critical | Remote Code Execution | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Critical | Remote Code Execution | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Critical | Remote Code Execution | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Critical | Remote Code Execution | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Critical | Remote Code Execution | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Critical | Remote Code Execution | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Critical | Remote Code Execution | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Critical | Remote Code Execution | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Critical | Remote Code Execution | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Critical | Remote Code Execution | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Critical | Remote Code Execution | 5034121 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Critical | Remote Code Execution | 5034121 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Critical | Remote Code Execution | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Critical | Remote Code Execution | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Critical | Remote Code Execution | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Critical | Remote Code Execution | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Critical | Remote Code Execution | 5034173 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Critical | Remote Code Execution | 5034173 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Critical | Remote Code Execution | 5034173 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Critical | Remote Code Execution | 5034173 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Critical | Remote Code Execution | 5034169 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Critical | Remote Code Execution | 5034169 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Critical | Remote Code Execution | 5034184 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Critical | Remote Code Execution | 5034184 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Critical | Remote Code Execution | 5034171 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Critical | Remote Code Execution | 5034171 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Critical | Remote Code Execution | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Critical | Remote Code Execution | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Critical | Remote Code Execution | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Critical | Remote Code Execution | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Critical | Remote Code Execution | 5034129 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Critical | Remote Code Execution | 5034129 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Critical | Remote Code Execution | 5034130 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21357 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21358
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21358 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21358 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21360
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21360 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21360 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21361
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21361 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21361 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21366
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21366 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21366 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21369
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21369 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21369 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21371
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21371 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Elevation of Privilege | 5034134 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Elevation of Privilege | 5034134 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Elevation of Privilege | 5034184 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Elevation of Privilege | 5034184 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Elevation of Privilege | 5034171 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Elevation of Privilege | 5034171 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Elevation of Privilege | 5034129 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Elevation of Privilege | 5034129 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Elevation of Privilege | 5034130 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21371 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21372
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows OLE Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21372 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21372 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21375
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable). Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21375 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21375 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21379
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21379 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Word 2016 (32-bit edition) | 5002542 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Microsoft Word 2016 (64-bit edition) | 5002542 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21379 | Anonymous working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21381
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Azure Active Directory B2C Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:6.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. How does the update address this vulnerability? As part of Azure AD Business-to-Customer's (B2C) ongoing commitment to our customers, we recently rolled out an update to our behavior for the Proof Key for Code Exchange (PKCE) as outlined in our documentation here. This update adds additional enforcement on B2C’s In effect, this change reduces the possibility for attackers to send fraudulent authorization codes to your consuming service, and is aligned with the “OAuth 2.0 Security Best Current Practice” document here. What actions do customers need to take to protect themselves from this vulnerability? The vast majority of customers have received the update automatically and do not need to take any action to update their applications. A small subset of customers are required to take an action and have been notified directly via Azure Service Health Alerts under Tracking ID: 6MFP-NTZ. If you did not receive this notification, there is no action required. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21381 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Azure Active Directory B2C | Update Guidance (Security Update) | Important | Spoofing | None | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Unknown | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-21381 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21386
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21386 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| ASP.NET Core 6.0 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
6.0.27 | Maybe | None |
| ASP.NET Core 7.0 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
7.0.16 | Maybe | None |
| ASP.NET Core 8.0 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
8.0.2 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
17.4.16 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
17.6.12 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
17.8.7 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21386 | Brennan Conroy of Microsoft Corporation |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21389
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21389 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Dynamics 365 (on-premises) version 9.1 | 5035110 (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
TBD | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21389 | batram |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21393
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21393 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Dynamics 365 (on-premises) version 9.1 | 5035110 (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
TBD | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21393 | batram |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21394
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Dynamics 365 Field Service Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to navigate to a page with malicious content to be compromised by the attacker. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21394 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Dynamics 365 (on-premises) version 9.1 | 5035110 (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
TBD | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21394 | NGO VAN TU (@tusnj) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21396
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Dynamics 365 Sales Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21396 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Dynamics 365 (on-premises) version 9.1 | 5035110 (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
TBD | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21396 | Erik Donker |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21401
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.8
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker (PR:N) could exploit this vulnerability by running a script to access a targeted Jira server over the internet. Is there any action I need to take to be protected from this vulnerability? Customers running the Azure AD Jira sso plugin need to update to version 1.1.2 from the Microsoft Download Center or from Atlassian Marketplace. What privileges could an attacker gain with successful exploitation of this vulnerability? An attacker does not need to login to exploit this vulnerability. Exploiting this vulnerability could allow an attacker to fully update Entra ID SAML metadata and info for the plugin. The attacker could then change the authentication of the application to their tenant as needed. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21401 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Entra Jira Single-Sign-On Plugin | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 9.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
1.1.2 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21401 | thongvv of GE Security (VNG) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21402
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would gain the rights of the user that is running the affected application. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and major loss of integrity (I:H) but have no effect on availability (A:N). What does that mean for this vulnerability? Exploiting this vulnerability could allow an attacker to disclose files and modify data, but the attacker cannot impact the availability of the files. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21402 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-21402 | Aaron Erlandson, Trevor Harris, Jeff Klouda and Maggie Li |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21404
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.7
Executive Summary: None FAQ: None Mitigations: The following mitigating factors might be helpful in your situation: Only .NET services running on non-Windows platforms are affected by this vulnerability. If your web server is running on Windows, an attacker cannot use this DoS vector to bring down your web server. Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21404 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| .NET 6.0 | 5035119 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
6.0.27 | Maybe | None |
| .NET 7.0 | 5035120 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
7.0.16 | Maybe | None |
| .NET 8.0 | 5035121 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
8.0.2 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
17.4.16 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
17.6.12 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
17.8.7 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21404 | Bahaa Naamneh with Crosspoint Labs |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-21413
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. What kind of security feature could be bypassed by successfully exploiting this vulnerability? Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode. If I am running Office 2016 (32-bit edition) or Office 2016 (64-bit edition, what do I need to do to be protected from this vulnerability? To be protected, customers running Office 2016 need to install all the updates listed for their edition in the following tables. For Office 2016 (32-bit edition):
For Office 2016 (64-bit edition):
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. How could the attacker exploit this vulnerability? An attacker could craft a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE). Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21413 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2016 (32-bit edition) | 5002537 (Security Update) 5002467 (Security Update) 5002522 (Security Update) 5002519 (Security Update) |
Critical | Remote Code Execution | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1001 16.0.5435.1000 |
Maybe | None | |
| Microsoft Office 2016 (64-bit edition) | 5002537 (Security Update) 5002467 (Security Update) 5002522 (Security Update) 5002519 (Security Update) |
Critical | Remote Code Execution | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1001 16.0.5435.1000 |
Maybe | None | |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-21413 | Haifei Li of Check Point Research (https://research.checkpoint.com/) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21420
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21420 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21420 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-20673
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. If I am running Office 2016 (32-bit edition) or Office 2016 (64-bit edition, what do I need to do to be protected from this vulnerability? To be protected, customers running Office 2016 need to install all the updates listed for their edition in the following tables. For Office 2016 (32-bit edition):
For Office 2016 (64-bit edition):
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20673 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Excel 2016 (32-bit edition) | 5002536 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Microsoft Excel 2016 (64-bit edition) | 5002536 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Microsoft Office 2016 (32-bit edition) | 5002537 (Security Update) 5002467 (Security Update) 5002522 (Security Update) 5002469 (Security Update) |
Important | Remote Code Execution | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1001 | Maybe | None | |
| Microsoft Office 2016 (64-bit edition) | 5002537 (Security Update) 5002467 (Security Update) 5002522 (Security Update) 5002469 (Security Update) |
Important | Remote Code Execution | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1001 | Maybe | None | |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft PowerPoint 2016 (32-bit edition) | 5002495 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Microsoft PowerPoint 2016 (64-bit edition) | 5002495 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Microsoft Publisher 2016 (32-bit edition) | 5002492 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Microsoft Publisher 2016 (64-bit edition) | 5002492 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Microsoft Visio 2016 (32-bit edition) | 5002491 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Microsoft Visio 2016 (64-bit edition) | 5002491 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Microsoft Word 2016 (32-bit edition) | 5002542 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Microsoft Word 2016 (64-bit edition) | 5002542 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Skype for Business 2016 (32-bit) | 5002181 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Skype for Business 2016 (64-bit) | 5002181 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-20673 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-20679
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Stack Hub Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20679 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Stack Hub | Release Notes (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
1.2311.1.22 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-20679 | Felix Boulet with Centre gouvernemental de cyberdéfense (CGCD) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21304
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Trusted Compute Base Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.1/TemporalScore:3.6
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21304 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Elevation of Privilege | 5034129 |
Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Elevation of Privilege | 5034129 |
Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Elevation of Privilege | 5034130 | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21304 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21315
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21315 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Defender for Endpoint for Windows on Windows 10 for 32-bit Systems | 5032199 (Security Update) | Important | Elevation of Privilege | 5031377 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
| Microsoft Defender for Endpoint for Windows on Windows 10 for x64-based Systems | 5032199 (Security Update) | Important | Elevation of Privilege | 5031377 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20308 | Yes | None |
| Microsoft Defender for Endpoint for Windows on Windows 10 Version 1607 for 32-bit Systems | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
| Microsoft Defender for Endpoint for Windows on Windows 10 Version 1607 for x64-based Systems | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
| Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for 32-bit Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
| Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for ARM64-based Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
| Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for x64-based Systems | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
| Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for 32-bit Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19041.3693 |
Yes | 5032189 |
| Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.3693 |
Yes | 5032189 |
| Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for x64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19043.3693 |
Yes | 5032189 |
| Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2 for 32-bit Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
| Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2 for ARM64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
| Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2 for x64-based Systems | 5032189 (Security Update) | Important | Elevation of Privilege | 5031356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3693 |
Yes | 5032189 |
| Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2 for ARM64-based Systems | 5032192 (Security Update) | Important | Elevation of Privilege | 5031358 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
| Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2 for x64-based Systems | 5032192 (Security Update) | Important | Elevation of Privilege | 5031358 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2600 |
Yes | 5032192 |
| Microsoft Defender for Endpoint for Windows on Windows 11 Version 22H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
| Microsoft Defender for Endpoint for Windows on Windows 11 Version 22H2 for x64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | 5031354 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.2715 |
Yes | 5032190 |
| Microsoft Defender for Endpoint for Windows on Windows 11 Version 23H2 for ARM64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.2715 |
Yes | 5032190 | |
| Microsoft Defender for Endpoint for Windows on Windows 11 Version 23H2 for x64-based Systems | 5032190 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.2715 |
Yes | 5032190 | |
| Microsoft Defender for Endpoint for Windows on Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Elevation of Privilege | 5034184 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Microsoft Defender for Endpoint for Windows on Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Elevation of Privilege | 5034184 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Microsoft Defender for Endpoint for Windows on Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Elevation of Privilege | 5034171 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Microsoft Defender for Endpoint for Windows on Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Elevation of Privilege | 5034171 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Microsoft Defender for Endpoint for Windows on Windows Server 2016 | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
| Microsoft Defender for Endpoint for Windows on Windows Server 2016 (Server Core installation) | 5032197 (Security Update) | Important | Elevation of Privilege | 5031362 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6452 | Yes | None |
| Microsoft Defender for Endpoint for Windows on Windows Server 2019 | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
| Microsoft Defender for Endpoint for Windows on Windows Server 2019 (Server Core installation) | 5032196 (Security Update) | Important | Elevation of Privilege | 5031361 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5122 |
Yes | 5032196 |
| Microsoft Defender for Endpoint for Windows on Windows Server 2022 | 5032198 (Security Update) | Important | Elevation of Privilege | 5031364 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2113 | Yes | None |
| Microsoft Defender for Endpoint for Windows on Windows Server 2022 (Server Core installation) | 5032247 (Monthly Rollup) | Important | Elevation of Privilege | 5031442 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24569 | Yes | None |
| Microsoft Defender for Endpoint for Windows on Windows Server 2022, 23H2 Edition (Server Core installation) | 5032202 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.531 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21315 | Achmea Red Team with Achmea Achmea Red Team with Achmea |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-20695
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Skype for Business Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.7/TemporalScore:5.0
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require machine-in-the-middle (MITM) type setups or that rely on initially gaining a foothold in another environment. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. There is no download information for Skype for Business Server 2019 CU7 in the Security Updates table. How do I protect myself from this vulnerability? Follow the steps to create a file share as outlined in Create a file share in Skype for Business Server. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20695 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Skype for Business Server 2019 CU7 | Important | Information Disclosure | None | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2024-20695 | Fin Hume with WithSecure |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21328
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Dynamics 365 Sales Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:6.6
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to navigate to a page with malicious content to be compromised by the attacker. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21328 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Dynamics 365 (on-premises) version 9.1 | 5035110 (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
TBD | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21328 | NGO VAN TU (@tusnj) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-20684
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Critical | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20684 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Critical | Denial of Service | 5034121 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Critical | Denial of Service | 5034121 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Critical | Denial of Service | 5034123 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Critical | Denial of Service | 5034123 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Critical | Denial of Service | 5034123 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Critical | Denial of Service | 5034123 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Critical | Denial of Service | 5034129 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Critical | Denial of Service | 5034129 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Critical | Denial of Service | 5034130 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-20684 | Microsoft Offensive Research & Security Engineering with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21339
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows USB Generic Parent Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.4/TemporalScore:5.6
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21339 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21339 | Wei in Kunlun Lab with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21341
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21341 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21341 | Wei in Kunlun Lab with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21342
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows DNS Client Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21342 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Denial of Service | 5034130 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21342 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21343
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.2
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21343 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Denial of Service | 5034134 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Denial of Service | 5034134 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Denial of Service | 5034121 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Denial of Service | 5034121 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Denial of Service | 5034171 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Denial of Service | 5034171 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Denial of Service | 5034129 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Denial of Service | 5034129 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Denial of Service | 5034130 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21343 | Wei in Kunlun Lab with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21344
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.2
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21344 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Denial of Service | 5034134 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Denial of Service | 5034134 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Denial of Service | 5034121 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Denial of Service | 5034121 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Denial of Service | 5034171 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Denial of Service | 5034171 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Denial of Service | 5034129 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Denial of Service | 5034129 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Denial of Service | 5034130 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21344 | Wei in Kunlun Lab with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21345
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information. How could an attacker exploit this vulnerability? An authenticated attacker could run a specially crafted application that would give them control of the targeted destination and source of the copy. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21345 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Elevation of Privilege | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21345 | Gabe Kirkpatrick |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21346
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21346 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Elevation of Privilege | 5034130 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21346 | Laith AL-Satari Abdelhamid Naceri |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21347
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft ODBC Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21347 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21347 | 1/2 gojo satoru |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21348
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Internet Connection Sharing (ICS) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21348 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Denial of Service | 5034134 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Denial of Service | 5034134 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Denial of Service | 5034121 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Denial of Service | 5034121 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Denial of Service | 5034184 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Denial of Service | 5034184 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Denial of Service | 5034171 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Denial of Service | 5034171 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Denial of Service | 5034129 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Denial of Service | 5034129 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Denial of Service | 5034130 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21348 | Wei in Kunlun Lab with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21353
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21353 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21353 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21355
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21355 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Elevation of Privilege | 5034134 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Elevation of Privilege | 5034134 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Elevation of Privilege | 5034173 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Elevation of Privilege | 5034173 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Elevation of Privilege | 5034173 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Elevation of Privilege | 5034173 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Elevation of Privilege | 5034169 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Elevation of Privilege | 5034169 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Elevation of Privilege | 5034184 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Elevation of Privilege | 5034184 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Elevation of Privilege | 5034171 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Elevation of Privilege | 5034171 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Elevation of Privilege | 5034129 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Elevation of Privilege | 5034129 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Elevation of Privilege | 5034130 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21355 | Yuki Chen with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21356
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21356 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Denial of Service | 5034134 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Denial of Service | 5034134 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Denial of Service | 5034122 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Denial of Service | 5034121 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Denial of Service | 5034121 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Denial of Service | 5034123 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Denial of Service | 5034173 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Denial of Service | 5034173 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Denial of Service | 5034173 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Denial of Service | 5034173 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Denial of Service | 5034169 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Denial of Service | 5034169 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Denial of Service | 5034184 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Denial of Service | 5034184 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Denial of Service | 5034171 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Denial of Service | 5034171 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Denial of Service | 5034119 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Denial of Service | 5034127 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Denial of Service | 5034129 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Denial of Service | 5034129 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Denial of Service | 5034130 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21356 | Microsoft Offensive Research & Security Engineering |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21359
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21359 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21359 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21362
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the Windows Code Integrity Guard (CIG). According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean for this vulnerability? An authenticated attacker could replace valid file content with specially crafted file content. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21362 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Security Feature Bypass | 5034134 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Security Feature Bypass | 5034134 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Security Feature Bypass | 5034119 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Security Feature Bypass | 5034119 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Security Feature Bypass | 5034127 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Security Feature Bypass | 5034127 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Security Feature Bypass | 5034127 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Security Feature Bypass | 5034122 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Security Feature Bypass | 5034122 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Security Feature Bypass | 5034122 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Security Feature Bypass | 5034122 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Security Feature Bypass | 5034122 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Security Feature Bypass | 5034122 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Security Feature Bypass | 5034121 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Security Feature Bypass | 5034121 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Security Feature Bypass | 5034123 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Security Feature Bypass | 5034123 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Security Feature Bypass | 5034123 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Security Feature Bypass | 5034123 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Security Feature Bypass | 5034119 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Security Feature Bypass | 5034119 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Security Feature Bypass | 5034127 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Security Feature Bypass | 5034127 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Security Feature Bypass | 5034129 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Security Feature Bypass | 5034129 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Security Feature Bypass | 5034130 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21362 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21363
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21363 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21363 | Yuki Chen with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21364
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.3/TemporalScore:8.4
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities. How could an attacker exploit this vulnerability? An attacker with local access to a machine with Azure Site Recovery (ASR) can execute code that allows escalating privileges to IUSR (or Anonymous User Identity) and could discover MySQL root password, which could result in the discovery of other stored encrypted credentials. Why is this CVE rated as Moderate severity? The attacker can only elevate their privileges to Root on the specific system or database which they are targeting. System privileges cannot be gained and information relating to other systems or database can not be obtained after elevating their privileges. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Moderate | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21364 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Site Recovery | 5034599 (Security Update) | Moderate | Elevation of Privilege | None | Base: 9.3 Temporal: 8.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
9.57 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21364 | Chris Hernandez with Adversary Academy |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21365
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21365 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21365 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21367
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21367 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21367 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21368
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21368 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21368 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21370
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21370 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21370 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21374
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Teams for Android Information Disclosure
CVSS: CVSS:3.1 Highest BaseScore:5.0/TemporalScore:4.4
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure? The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local (AV:L) and User Interaction is Required (UI:R), this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and run a malicious application. This could lead to a local attack on the user's device which could leak data. How do I get the update for Teams for Android?
Is there a direct link on the web? Yes: https://play.google.com/store/apps/details?id=com.microsoft.teams According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authenticated attacker could convince a user to confirm an action through a dialog box. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21374 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Teams for Android | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
1.0.0.2024022302 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21374 | Dimitrios Valsamaras of Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21376
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.0/TemporalScore:8.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. Is there any action I need to take to be protected from this vulnerability? Customers who do not have According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC). How could an attacker exploit this vulnerability? An attacker can access the untrusted AKS Kubernetes node and AKS Confidential Container to take over confidential guests and containers beyond the network stack it might be bound to. According to the CVSS metric, privileges required is none (PR:N). Does the attacker need to be authenticated? No. An unauthenticated attacker can move the same workload onto a machine they control, where the attacker is root. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21376 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Kubernetes Service Confidential Containers | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.0 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
0.3.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21376 | Yuval Avrahami |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21377
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows DNS Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21377 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Information Disclosure | 5034134 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Information Disclosure | 5034134 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Information Disclosure | 5034119 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Information Disclosure | 5034119 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Information Disclosure | 5034127 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Information Disclosure | 5034127 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Information Disclosure | 5034127 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Information Disclosure | 5034122 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Information Disclosure | 5034122 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Information Disclosure | 5034122 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Information Disclosure | 5034122 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Information Disclosure | 5034122 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Information Disclosure | 5034122 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Information Disclosure | 5034121 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Information Disclosure | 5034121 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Information Disclosure | 5034123 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Information Disclosure | 5034123 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Information Disclosure | 5034123 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Information Disclosure | 5034123 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Information Disclosure | 5034171 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Information Disclosure | 5034171 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Information Disclosure | 5034119 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Information Disclosure | 5034119 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Information Disclosure | 5034127 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Information Disclosure | 5034127 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Information Disclosure | 5034129 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Information Disclosure | 5034129 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Information Disclosure | 5034130 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21377 | STATE GRID INFORMATION&TELECOMMUNICATION BRANCH Wei Hu,Jingchu Wang |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21378
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.0/TemporalScore:7.0
Executive Summary: None FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authorized attacker must send the user a malicious file and convince the user to open it. According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server? Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21378 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Outlook 2016 (32-bit edition) | 5002543 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| Microsoft Outlook 2016 (64-bit edition) | 5002543 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5435.1000 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21378 | Nick Landers with NetSPI |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21380
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.0/TemporalScore:7.0
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to be able to exploit this vulnerability. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could craft a payload allowing them to access sensitive user data, which could result in unauthorized access to the victim's account or compromise of other confidential information. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Critical | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21380 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Dynamics 365 Business Central 2022 Release Wave 2 | 5035205 (Security Update) | Critical | Information Disclosure | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Application Build 21.16.63199, Platform Build 21.0 | Maybe | None |
| Microsoft Dynamics 365 Business Central 2023 Release Wave 1 | 5035206 (Security Update) | Critical | Information Disclosure | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Application Build 22.10.63195, Platform Build 22.0 | Maybe | None |
| Microsoft Dynamics 365 Business Central 2023 Release Wave 2 | 5035207 (Security Update) | Critical | Information Disclosure | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Application Build 23.4.15715, Platform Build 23.0. | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21380 | Marco Niederberger with Logico Solutions AG |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21384
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office OneNote Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21384 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-21384 | wh1tc & Zhiniang Peng |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21391
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. This CVE was addressed by updates that were released in January 2024, but the CVE was inadvertently omitted from the January 2024 Security Updates. This is an informational change only. Customers who have already installed the January 2024 updates do not need to take any further action. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21391 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Remote Code Execution | 5034134 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Remote Code Execution | 5034122 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Remote Code Execution | 5034121 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Remote Code Execution | 5034123 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Remote Code Execution | 5034173 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Remote Code Execution | 5034169 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Remote Code Execution | 5034184 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Remote Code Execution | 5034171 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Remote Code Execution | 5034119 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Remote Code Execution | 5034127 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Remote Code Execution | 5034129 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Remote Code Execution | 5034130 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21391 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21395
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.2/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21395 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Dynamics 365 (on-premises) version 9.1 | 5035110 (Security Update) | Important | Spoofing | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
TBD | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21395 | Erik Donker |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21397
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Azure File Sync Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:4.8
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker can create new files in directories they do not normally have access to. Those can only be on directories where Azure File Sync is configured, which could include SYSTEM directories. However, the attacker would not gain privileges to read, modify, or delete files. According to the CVSS metrics, successful exploitation of this vulnerability would not impact confidentiality (C:N), but would have a major impact on integrity (I:H) and have less impact on availability (A:L). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could affect the integrity because they could create new files in system directories. Confidentiality is not affected by a successful attack, because the attacker cannot modify, delete, or read files. A successful exploitation could have come impact on availability because there could be some interruption to the availability of the file server. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21397 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure File Sync v14.0 | 5023052 (Security Update) | Important | Elevation of Privilege | None | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C |
16.2 | Maybe | None |
| Azure File Sync v15.0 | 5023052 (Security Update) | Important | Elevation of Privilege | None | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C |
16.2 | Maybe | None |
| Azure File Sync v16.0 | 5023052 (Security Update) | Important | Elevation of Privilege | None | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C |
16.2 | Maybe | None |
| Azure File Sync v17.0 | 5023054 (Security Update) | Important | Elevation of Privilege | None | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C |
17.1 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21397 | 3wyeye5 with OSR |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-21399
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.3/TemporalScore:7.2
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a browser sandbox escape. Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal? Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded". The CVSS scoring system doesn't allow for this type of nuance. How could an attacker exploit this vulnerability via the Network? An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
Mitigations: None Workarounds: None Revision: 1.0 01-Feb-24 Information published. |
Moderate | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21399 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Moderate | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
121.0.2277.98 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-21399 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21403
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.0/TemporalScore:8.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. Is there any action I need to take to be protected from this vulnerability? Customers who do not have According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC). How could an attacker exploit this vulnerability? An attacker can access the untrusted AKS Kubernetes node and AKS Confidential Container to take over confidential guests and containers beyond the network stack it might be bound to. According to the CVSS metric, privileges required is none (PR:N). Does the attacker need to be authenticated? No. An unauthenticated attacker can move the same workload onto a machine they control, where the attacker is root. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21403 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Kubernetes Service Confidential Containers | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 9.0 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
0.3.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-21403 | Yuval Avrahami |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21405
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21405 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Elevation of Privilege | 5034134 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Elevation of Privilege | 5034134 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Elevation of Privilege | 5034122 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Elevation of Privilege | 5034121 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Elevation of Privilege | 5034123 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Elevation of Privilege | 5034173 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Elevation of Privilege | 5034173 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Elevation of Privilege | 5034173 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034795 (Monthly Rollup) 5034833 (Security Only) |
Important | Elevation of Privilege | 5034173 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22511 |
Yes | 5034795 5034833 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Elevation of Privilege | 5034169 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Elevation of Privilege | 5034169 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Elevation of Privilege | 5034184 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Elevation of Privilege | 5034184 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Elevation of Privilege | 5034171 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Elevation of Privilege | 5034171 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Elevation of Privilege | 5034119 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Elevation of Privilege | 5034127 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Elevation of Privilege | 5034129 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Elevation of Privilege | 5034129 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Elevation of Privilege | 5034130 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21405 | Yuki Chen with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21406
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Printing Service Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21406 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5034774 (Security Update) | Important | Spoofing | 5034134 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 for x64-based Systems | 5034774 (Security Update) | Important | Spoofing | 5034134 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20469 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5034767 (Security Update) | Important | Spoofing | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5034767 (Security Update) | Important | Spoofing | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Spoofing | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Spoofing | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Spoofing | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Spoofing | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Spoofing | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Spoofing | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Spoofing | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Spoofing | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Spoofing | 5034122 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Spoofing | 5034121 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Spoofing | 5034121 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Spoofing | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Spoofing | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Spoofing | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Spoofing | 5034123 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Spoofing | 5034169 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034831 (Monthly Rollup) 5034809 (Security Only) |
Important | Spoofing | 5034169 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.1.7601.26961 | Yes | None |
| Windows Server 2012 | 5034830 (Monthly Rollup) | Important | Spoofing | 5034184 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5034830 (Monthly Rollup) | Important | Spoofing | 5034184 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.24710 | Yes | None |
| Windows Server 2012 R2 | 5034819 (Monthly Rollup) | Important | Spoofing | 5034171 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5034819 (Monthly Rollup) | Important | Spoofing | 5034171 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.21813 | Yes | None |
| Windows Server 2016 | 5034767 (Security Update) | Important | Spoofing | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5034767 (Security Update) | Important | Spoofing | 5034119 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6709 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Spoofing | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Spoofing | 5034127 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Spoofing | 5034129 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Spoofing | 5034129 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Spoofing | 5034130 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21406 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21410
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.1
Executive Summary: None FAQ: Where can I find more information about NTLM relay attacks? Download Mitigating Pass the Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2. This document discusses Pass-the-Hash (PtH) attacks against the Windows operating systems and provides holistic planning strategies that, when combined with the Windows security features, will provide a more effective defense against pass-the-hash attacks. How could an attacker exploit this vulnerability? An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf. For more information about Exchange Server's support for Extended Protection for Authentication(EPA), please see Configure Windows Extended Protection in Exchange Server. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could relay a user's leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user. How do I protect myself from this vulnerability? Prior to the Exchange Server 2019 Cumulative Update 14 (CU14) update, Exchange Server did not enable NTLM credentials Relay Protections (called Extended Protection for Authentication or EPA) by default. Without the protection enabled, an attacker can target Exchange Server to relay leaked NTLM credentials from other targets (for example Outlook). Exchange Server 2019 CU14 enables EPA by default on Exchange servers. For more information regarding this update, please refer to the latest Exchange Blog Post. I'm running Microsoft Exchange Server 2016 Cumulative Update 23. How do I protect myself from this vulnerability? Microsoft introduced Extended Protection support as an optional feature for Exchange Server 2016 CU23 with the August 2022 security update (build 15.01.2507.012). We strongly recommend to download the latest security update for Exchange Server 2016 CU23 prior turning Extended Protection by the help of the ExchangeExtendedProtectionManagement.ps1 on. If I already ran the script that enables NTLM credentials Relay Protections am I protected from this vulnerability? Yes. If, for example, you are running Exchange Server 2019 CU13 or earlier and you have previously run the script then you are protected from this vulnerability, however, Microsoft strongly suggests installing the latest cumulative update. How can I determine if Extended Protection is configured as expected and if my Exchange Server is protected against this vulnerability? Run the latest version of the Exchange Server Health Checker script. The script will provide you with an overview of the Extended Protection status of your server. Mitigations: The following mitigating factors might be helpful in your situation: Consult the Exchange Extended Protection documentation and use the ExchangeExtendedProtectionManagement.ps1 script to turn on the Extended Protection for Authentication (EPA) for Exchange Servers. Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Critical | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21410 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Exchange Server 2016 Cumulative Update 23 | Critical | Elevation of Privilege | None | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Unknown | Unknown | None | |
| Microsoft Exchange Server 2019 Cumulative Update 13 | 5035606 (Security Update) | Critical | Elevation of Privilege | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
15.2.1544.004 |
Yes | 5035606 | |
| Microsoft Exchange Server 2019 Cumulative Update 14 | 5035606 (Security Update) | Critical | Elevation of Privilege | Base: 9.8 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
15.2.1544.004 |
Yes | 5035606 | |
| CVE ID | Acknowledgements |
| CVE-2024-21410 | Internally found by Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-21412
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Internet Shortcut Files Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. How could an attacker exploit the vulnerability? An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link. Mitigations: None Workarounds: None Revision: 1.0 13-Feb-24 Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21412 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5034768 (Security Update) | Important | Security Feature Bypass | 5034127 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for ARM64-based Systems | 5034768 (Security Update) | Important | Security Feature Bypass | 5034127 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5034768 (Security Update) | Important | Security Feature Bypass | 5034127 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5034763 (Security Update) | Important | Security Feature Bypass | 5034122 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Security Feature Bypass | 5034122 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 21H2 for x64-based Systems | 5034763 (Security Update) | Important | Security Feature Bypass | 5034122 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for 32-bit Systems | 5034763 (Security Update) | Important | Security Feature Bypass | 5034122 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5034763 (Security Update) | Important | Security Feature Bypass | 5034122 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 10 Version 22H2 for x64-based Systems | 5034763 (Security Update) | Important | Security Feature Bypass | 5034122 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.4046 |
Yes | 5034763 |
| Windows 11 version 21H2 for ARM64-based Systems | 5034766 (Security Update) | Important | Security Feature Bypass | 5034121 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 version 21H2 for x64-based Systems | 5034766 (Security Update) | Important | Security Feature Bypass | 5034121 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22000.2777 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Security Feature Bypass | 5034123 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5034765 (Security Update) | Important | Security Feature Bypass | 5034123 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.3155 | Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5034765 (Security Update) | Important | Security Feature Bypass | 5034123 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5034765 (Security Update) | Important | Security Feature Bypass | 5034123 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.3155 | Yes | None |
| Windows Server 2019 | 5034768 (Security Update) | Important | Security Feature Bypass | 5034127 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5034768 (Security Update) | Important | Security Feature Bypass | 5034127 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.5458 | Yes | None |
| Windows Server 2022 | 5034770 (Security Update) | Important | Security Feature Bypass | 5034129 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022 (Server Core installation) | 5034770 (Security Update) | Important | Security Feature Bypass | 5034129 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2322 |
Yes | 5034770 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5034769 (Security Update) | Important | Security Feature Bypass | 5034130 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.709 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21412 | Peter Girnus (gothburz) of Trend Micro's Zero Day Initiative with Trend Micro Dima Lenz and Vlad Stolyarov of Google's Threat Analysis Group dwbzn with Aura Information Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
| CVE-2024-1060
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-1060 Use after free in Canvas
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 01-Feb-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-1060 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
121.0.2277.98 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-1060 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
| CVE-2024-1059
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-1059 Use after free in WebRTC
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 01-Feb-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-1059 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
121.0.2277.98 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-1059 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
| CVE-2024-1077
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-1077 Use after free in Network
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 01-Feb-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-1077 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
121.0.2277.98 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-1077 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21626
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:8.6/TemporalScore:8.6
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 05-Feb-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21626 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | moby-runc (CBL-Mariner) | Unknown | Unknown | None | Base: 8.6 Temporal: 8.6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
1.1.9-4 | Unknown | None |
| CBL Mariner 2.0 x64 | moby-runc (CBL-Mariner) | Unknown | Unknown | None | Base: 8.6 Temporal: 8.6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
1.1.9-4 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21626 | None |