This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | .NET and Visual Studio | CVE-2024-0057 | NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability |
Microsoft | .NET Core & Visual Studio | CVE-2024-20672 | .NET Core and Visual Studio Denial of Service Vulnerability |
Microsoft | .NET Framework | CVE-2024-21312 | .NET Framework Denial of Service Vulnerability |
Microsoft | Azure Storage Mover | CVE-2024-20676 | Azure Storage Mover Remote Code Execution Vulnerability |
Microsoft | Microsoft Bluetooth Driver | CVE-2024-21306 | Microsoft Bluetooth Driver Spoofing Vulnerability |
Microsoft | Microsoft Devices | CVE-2024-21325 | Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-0222 | Chromium: CVE-2024-0222 Use after free in ANGLE |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-0223 | Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-0224 | Chromium: CVE-2024-0224 Use after free in WebAudio |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-0225 | Chromium: CVE-2024-0225 Use after free in WebGPU |
Microsoft | Microsoft Identity Services | CVE-2024-21319 | Microsoft Identity Denial of service vulnerability |
Microsoft | Microsoft Office | CVE-2024-20677 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-21318 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Virtual Hard Drive | CVE-2024-20658 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability |
Microsoft | Remote Desktop Client | CVE-2024-21307 | Remote Desktop Client Remote Code Execution Vulnerability |
Microsoft | SQL Server | CVE-2024-0056 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability |
MITRE Corporation | SQLite | CVE-2022-35737 | MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow |
Microsoft | Unified Extensible Firmware Interface | CVE-2024-21305 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability |
Microsoft | Visual Studio | CVE-2024-20656 | Visual Studio Elevation of Privilege Vulnerability |
Microsoft | Windows AllJoyn API | CVE-2024-20687 | Microsoft AllJoyn API Denial of Service Vulnerability |
Microsoft | Windows Authentication Methods | CVE-2024-20674 | Windows Kerberos Security Feature Bypass Vulnerability |
Microsoft | Windows BitLocker | CVE-2024-20666 | BitLocker Security Feature Bypass Vulnerability |
Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2024-21310 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Collaborative Translation Framework | CVE-2024-20694 | Windows CoreMessaging Information Disclosure Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2024-20653 | Microsoft Common Log File System Elevation of Privilege Vulnerability |
Microsoft | Windows Cryptographic Services | CVE-2024-20682 | Windows Cryptographic Services Remote Code Execution Vulnerability |
Microsoft | Windows Cryptographic Services | CVE-2024-21311 | Windows Cryptographic Services Information Disclosure Vulnerability |
Microsoft | Windows Group Policy | CVE-2024-20657 | Windows Group Policy Elevation of Privilege Vulnerability |
Microsoft | Windows Hyper-V | CVE-2024-20699 | Windows Hyper-V Denial of Service Vulnerability |
Microsoft | Windows Hyper-V | CVE-2024-20700 | Windows Hyper-V Remote Code Execution Vulnerability |
Microsoft | Windows Kernel | CVE-2024-20698 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel-Mode Drivers | CVE-2024-21309 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Libarchive | CVE-2024-20697 | Windows Libarchive Remote Code Execution Vulnerability |
Microsoft | Windows Libarchive | CVE-2024-20696 | Windows Libarchive Remote Code Execution Vulnerability |
Microsoft | Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-20692 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
Microsoft | Windows Message Queuing | CVE-2024-20660 | Microsoft Message Queuing Information Disclosure Vulnerability |
Microsoft | Windows Message Queuing | CVE-2024-20664 | Microsoft Message Queuing Information Disclosure Vulnerability |
Microsoft | Windows Message Queuing | CVE-2024-20680 | Windows Message Queuing Client (MSMQC) Information Disclosure |
Microsoft | Windows Message Queuing | CVE-2024-20663 | Windows Message Queuing Client (MSMQC) Information Disclosure |
Microsoft | Windows Message Queuing | CVE-2024-21314 | Microsoft Message Queuing Information Disclosure Vulnerability |
Microsoft | Windows Message Queuing | CVE-2024-20661 | Microsoft Message Queuing Denial of Service Vulnerability |
Microsoft | Windows Nearby Sharing | CVE-2024-20690 | Windows Nearby Sharing Spoofing Vulnerability |
Microsoft | Windows ODBC Driver | CVE-2024-20654 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
Microsoft | Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2024-20662 | Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability |
Microsoft | Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2024-20655 | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability |
Microsoft | Windows Scripting | CVE-2024-20652 | Windows HTML Platforms Security Feature Bypass Vulnerability |
Microsoft | Windows Server Key Distribution Service | CVE-2024-21316 | Windows Server Key Distribution Service Security Feature Bypass |
Microsoft | Windows Subsystem for Linux | CVE-2024-20681 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Microsoft | Windows TCP/IP | CVE-2024-21313 | Windows TCP/IP Information Disclosure Vulnerability |
Microsoft | Windows Themes | CVE-2024-20691 | Windows Themes Information Disclosure Vulnerability |
Microsoft | Windows Themes | CVE-2024-21320 | Windows Themes Spoofing Vulnerability |
Microsoft | Windows Win32 Kernel Subsystem | CVE-2024-20686 | Win32k Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K | CVE-2024-20683 | Win32k Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-0222
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-0222 Use after free in ANGLE
CVSS: None
Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 05-Jan-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-0222
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 120.0.2210.121 | No | None |
CVE ID | Acknowledgements |
CVE-2024-0222 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-0223
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE
CVSS: None
Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 05-Jan-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-0223
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 120.0.2210.121 | No | None |
CVE ID | Acknowledgements |
CVE-2024-0223 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-0224
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-0224 Use after free in WebAudio
CVSS: None
Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 05-Jan-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-0224
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 120.0.2210.121 | No | None |
CVE ID | Acknowledgements |
CVE-2024-0224 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-0225
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-0225 Use after free in WebGPU
CVSS: None
Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ:
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 05-Jan-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-0225
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 120.0.2210.121 | No | None |
CVE ID | Acknowledgements |
CVE-2024-0225 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20666
MITRE NVD Issuing CNA: Microsoft |
CVE Title: BitLocker Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None
FAQ:
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
Are there additional steps that I need to take to be protected from this vulnerability?
Depending on the version of Windows you are running, you may need to take additional steps to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. For the latest versions of Windows, the process of updating WinRE is now fully automated. The following versions of Windows require no additional steps, as WinRE will be updated as part of the Latest Cumulative Update if you are getting updates from Windows Update and WSUS:
For the following Windows versions an automated solution is available. For devices using Windows Update no further action is needed. If you are using WSUS, simply approve the standalone update in WSUS:
If your version of Windows is not listed above, you can download the latest Windows Safe OS Dynamic Update from the Microsoft Update Catalog. You can then apply the WinRE update; see Add an update package to Windows RE. To automate your installation, Microsoft has developed a sample script that can help you automate updating WinRE from the running Windows OS. Please see KB5034957: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2024-20666 for more information.
Can a bootable Windows ISO or USB flash drive that boots to Windows RE be used to exploit this vulnerability?
No. The exploit is only possible with the winre.wim on the recovery partition of the device.
Can a vulnerable version of WinRE WIM file be used to exploit this vulnerability?
No. A BitLocker encrypted drive cannot be accessed via an arbitrary WinRE WIM file hosted on an external drive. Please complete all steps in Microsoft Learn | Add an Update to Windows RE | Apply the update to a running PC to ensure that the updated Windows RE image is turned on and correctly configured for your Windows installation.
If TPM+PIN BitLocker protectors are being used, can the vulnerability be exploited if the attacker does not know the TPM PIN?
No. To exploit the vulnerability the attacker needs to know the TPM PIN if the user is protected by the BitLocker TPM+PIN.
How do I check whether WinRE has successfully updated?
Follow all steps in Microsoft Learn | Check the WinRE image version to ensure that the updated Windows RE image is updated to the current ServicePackBuild.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20666
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Security Feature Bypass | 5033379 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Security Feature Bypass | 5033379 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Security Feature Bypass | 5033369 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Security Feature Bypass | 5033369 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2016 | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Security Feature Bypass | 5033118 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Security Feature Bypass | 5033118 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Security Feature Bypass | 5033383 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20666 | Zammis Clark |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20674
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.0/TemporalScore:7.8
Executive Summary: None
FAQ:
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
The authentication feature could be bypassed as this vulnerability allows impersonation.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.
How could an attacker exploit this vulnerability?
An unauthenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Critical | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20674 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Critical | Security Feature Bypass | 5033379 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Critical | Security Feature Bypass | 5033379 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Critical | Security Feature Bypass | 5033373 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Critical | Security Feature Bypass | 5033373 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Critical | Security Feature Bypass | 5033371 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Critical | Security Feature Bypass | 5033371 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Critical | Security Feature Bypass | 5033371 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Critical | Security Feature Bypass | 5033372 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Critical | Security Feature Bypass | 5033372 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Critical | Security Feature Bypass | 5033372 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Critical | Security Feature Bypass | 5033372 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Critical | Security Feature Bypass | 5033372 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Critical | Security Feature Bypass | 5033372 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Critical | Security Feature Bypass | 5033369 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Critical | Security Feature Bypass | 5033369 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Critical | Security Feature Bypass | 5033375 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Critical | Security Feature Bypass | 5033375 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Critical | Security Feature Bypass | 5033375 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Critical | Security Feature Bypass | 5033375 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) | Critical | Security Feature Bypass | 5033422 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) | Critical | Security Feature Bypass | 5033422 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) | Critical | Security Feature Bypass | 5033422 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) | Critical | Security Feature Bypass | 5033422 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) | Critical | Security Feature Bypass | 5033433 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26910 | Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) | Critical | Security Feature Bypass | 5033433 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26910 | Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Critical | Security Feature Bypass | 5033429 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Critical | Security Feature Bypass | 5033429 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Critical | Security Feature Bypass | 5033420 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Critical | Security Feature Bypass | 5033420 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Critical | Security Feature Bypass | 5033373 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Critical | Security Feature Bypass | 5033373 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Critical | Security Feature Bypass | 5033371 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Critical | Security Feature Bypass | 5033371 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Critical | Security Feature Bypass | 5033118 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Critical | Security Feature Bypass | 5033118 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Critical | Security Feature Bypass | 5033383 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20674 | ldwilmore34 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20677
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. 3D models in Office documents that were previously inserted from an FBX file will continue to work as expected unless the Link to File option was chosen at insert time. This change is effective as of the January 9, 2024 security update.

FAQ:

Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?
An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.

Where can I find more information?
Please see the Microsoft Support Blog Post relating to the disablement of the ability to insert FBX (.fbx files) here: https://prod.support.services.microsoft.com/en-us/topic/9f2387f1-84ec-496a-a288-2c6f774db219

Are the updates for the Microsoft Office 2021 for Mac currently available?
The security update for Microsoft Office 2021 for Mac is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.

Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20677 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC for Mac 2021 | | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-20677 | Kim Dong-Uk (@justlikebono); HAO LI of VenusTech ADLab; Anonymous Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20676
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Storage Mover Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.0/TemporalScore:7.0
Executive Summary: None

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H) and the privileges required is high (PR:H). What does this mean for this vulnerability?
For a successful exploitation, the attacker would need some key information like ARMID and UUID of the installed agent as a prerequisite.

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this situation a successful exploit could let an attacker gain access to the network where the agent is installed, which could lead to access to other assets in that network.

How could an attacker exploit this vulnerability?
An attacker who has performed the exploit successfully would be able to gain access to the installed agent and could perform remote code execution.

Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20676 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Storage Mover Agent | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 3.0.430 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-20676 | Shahar Zelig with Microsoft; Oran Moyal with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20654
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft ODBC Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.0/TemporalScore:7.0
Executive Summary: None

FAQ:

According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and/or OLEDB as applicable).

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability simply requires the attacker or targeted user to leverage a Microsoft Access application to automatically talk to a SQL Server while utilizing a remote SQL Server address that they control.

How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the client receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20654 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Remote Code Execution | 5033379 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Remote Code Execution | 5033379 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Remote Code Execution | 5033422 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Remote Code Execution | 5033422 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Remote Code Execution | 5033422 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Remote Code Execution | 5033422 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) | Important | Remote Code Execution | 5033433 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26910 | Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) | Important | Remote Code Execution | 5033433 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26910 | Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Remote Code Execution | 5033429 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Remote Code Execution | 5033429 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Remote Code Execution | 5033420 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Remote Code Execution | 5033420 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Remote Code Execution | 5033383 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20654 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20657
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Group Policy Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.

What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20657 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Elevation of Privilege | 5033422 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Elevation of Privilege | 5033422 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Elevation of Privilege | 5033422 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Elevation of Privilege | 5033422 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) | Important | Elevation of Privilege | 5033433 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26910 | Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) | Important | Elevation of Privilege | 5033433 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.26910 | Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Elevation of Privilege | 5033429 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Elevation of Privilege | 5033429 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Elevation of Privilege | 5033420 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Elevation of Privilege | 5033420 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20657 | Tyler Price with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20658
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could an attacker gain with successful exploitation?
An attacker who successfully exploited this vulnerability could gain privilege escalation in the processing of .vhdx files in the Windows Kernel.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20658 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Elevation of Privilege | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Elevation of Privilege | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Elevation of Privilege | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Elevation of Privilege | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20658 | Tianyao Xu(@sat0rn3) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20680
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Message Queuing Client (MSMQC) Information Disclosure
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20680 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20680 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20682
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cryptographic Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20682 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Remote Code Execution | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Remote Code Execution | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Remote Code Execution | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Remote Code Execution | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Remote Code Execution | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Remote Code Execution | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Remote Code Execution | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20682 | 0poss with Thalium Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20683
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20683 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Elevation of Privilege | 5033422 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Elevation of Privilege | 5033422 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Elevation of Privilege | 5033422 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Elevation of Privilege | 5033422 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Elevation of Privilege | 5033433 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Elevation of Privilege | 5033433 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Elevation of Privilege | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Elevation of Privilege | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Elevation of Privilege | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Elevation of Privilege | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20683 | jackery |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20690
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Nearby Sharing Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.9
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
This vulnerability could be triggered when a malicious actor spoofs a machine with the same name that a user is searching for.
Mitigations: None
Workarounds: None
Revision 1.0 (09-Jan-24): Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20690 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Spoofing | 5033371 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Spoofing | 5033371 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Spoofing | 5033371 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Spoofing | 5033369 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Spoofing | 5033369 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
CVE ID | Acknowledgements |
CVE-2024-20690 | Crypto Board |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20691
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Themes Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.
Mitigations: None
Workarounds: None
Revision 1.0 (09-Jan-24): Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20691 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20691 | R4nger & Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20694
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows CoreMessaging Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory.
Mitigations: None
Workarounds: None
Revision 1.0 (09-Jan-24): Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20694 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20694 | R4nger & Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-35737
MITRE NVD Issuing CNA: MITRE Corporation |
CVE Title: MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow
CVSS: None
Executive Summary: None
FAQ:
Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)?
CVE-2022-35737 is regarding a vulnerability in SQLite. MITRE assigned this CVE number on behalf of the SQLite organization. Microsoft has included the updated library in Windows that addresses this vulnerability.
Mitigations: None
Workarounds: None
Revision 1.0 (09-Jan-24): Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-35737 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
CBL Mariner 1.0 ARM | sqlite (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.34.1-2 | Unknown | None |
CBL Mariner 1.0 x64 | sqlite (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.34.1-2 | Unknown | None |
CBL Mariner 2.0 ARM | sqlite (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.39.2-1 | Unknown | None |
CBL Mariner 2.0 x64 | sqlite (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.39.2-1 | Unknown | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19045.3930 |
Yes | 5034122 |
Windows Server 2019 | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: N/A Temporal: N/A Vector: N/A |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: N/A Temporal: N/A Vector: N/A |
10.0.20348.2227 | Yes | None |
CVE ID | Acknowledgements |
CVE-2022-35737 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20696
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Libarchive Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?
An authorized attacker with guest privileges must send a victim a malicious site and convince them to open it.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20696
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2019 | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Remote Code Execution | 5033383 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20696 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20697
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Libarchive Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?
An authorized attacker with guest privileges must send a victim a malicious site and convince them to open it.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20697
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Remote Code Execution | 5033383 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20697 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20698
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20698
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2019 | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20698 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20699
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An authenticated attacker could run a specially crafted application on a vulnerable Hyper-V guest to exploit this vulnerability which, if successful, could potentially interact with processes of another Hyper-V guest hosted on the same Hyper-V host.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20699
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Denial of Service | 5033371 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Denial of Service | 5033369 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Denial of Service | 5033375 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Denial of Service | 5033375 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2019 | 5034127 (Security Update) | Important | Denial of Service | 5033371 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Denial of Service | 5033371 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Denial of Service | 5033118 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Denial of Service | 5033118 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Denial of Service | 5033383 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20699 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20700
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20700
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Critical | Remote Code Execution | 5033371 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Critical | Remote Code Execution | 5033372 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Critical | Remote Code Execution | 5033372 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Critical | Remote Code Execution | 5033369 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Critical | Remote Code Execution | 5033369 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Critical | Remote Code Execution | 5033375 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Critical | Remote Code Execution | 5033375 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Critical | Remote Code Execution | 5033375 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Critical | Remote Code Execution | 5033375 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2019 | 5034127 (Security Update) | Critical | Remote Code Execution | 5033371 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Critical | Remote Code Execution | 5033371 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Critical | Remote Code Execution | 5033118 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Critical | Remote Code Execution | 5033118 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Critical | Remote Code Execution | 5033383 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20700 | @australeo @rezer0dai |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21305
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.4/TemporalScore:3.9
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A hypervisor-protected code integrity (HVCI) security feature bypass vulnerability could exist on some specific Microsoft Surface hardware computers that are still in support, when Windows incorrectly allows certain kernel-mode pages to be marked as Read, Write, Execute (RWX) even with HVCI enabled. To exploit this vulnerability an attacker could run a specially crafted application at administrator level that exploits a signed driver to bypass code integrity protections in Windows. The following versions of Microsoft Surface computers are exploitable by this vulnerability:
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21305
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Security Feature Bypass | 5033369 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Security Feature Bypass | 5033369 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2019 | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Security Feature Bypass | 5033118 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Security Feature Bypass | 5033118 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Security Feature Bypass | 5033383 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21305 | Satoshi Tanda with System Programming Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21307
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21307 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Remote Code Execution | 5033379 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Remote Code Execution | 5033379 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Remote Code Execution | 5033433 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Remote Code Execution | 5033433 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Remote Code Execution | 5033429 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Remote Code Execution | 5033429 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Remote Code Execution | 5033420 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Remote Code Execution | 5033420 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21307 | YingQi Shi with DBAPPSecurity WeBin Lab; Quan Jin with DBAPPSecurity WeBin Lab; MingjiaLiu with DBAPPSecurity WeBin Lab; YingQi Shi with DBAPPSecurity WeBin Lab, Quan Jin and MingjiaLiu with DBAPPSecurity WeBin Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21313
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows TCP/IP Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:4.6
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the unencrypted contents of IPsec packets from other sessions on a server.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21313 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21313 | Sujeet Kumar of Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21325
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability
CVSS: None
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
A user needs to be tricked into running malicious files.
Do customers need to take additional action if they have already downloaded and run the Microsoft Printer Metadata Remediation Tool documented in KB5034510?
No, customers who have already downloaded and run the tool do not need to take additional action. The tool can be removed after its use as the machine is no longer susceptible to this vulnerability.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21325 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Printer Metadata Troubleshooter Tool | Release Notes (Security Update) | Important | Remote Code Execution | Base: N/A Temporal: N/A Vector: N/A |
1.0.0.1 |
Yes | Known Issues |
CVE ID | Acknowledgements |
CVE-2024-21325 | Stefan Kanthak |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20672
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET Core and Visual Studio Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.7
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20672 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 6.0 | 5033733 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
6.0.26 | Maybe | None |
.NET 7.0 | 5033734 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
7.0.15 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-20672 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-0056
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.7/TemporalScore:7.6
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.
How could an attacker exploit this vulnerability?
An attacker who successfully exploited this vulnerability could carry out a machine-in-the-middle (MITM) attack and could decrypt and read or modify TLS traffic between the client and server. There is no impact to the availability of the attacked machine (A:N).
If I am using System.Data.SqlClient or Microsoft.Data.SqlClient, what do I need to do to be protected from this vulnerability?
Customers developing applications using either the System.Data.SqlClient or Microsoft.Data.SqlClient NuGet Packages need to do the following to be protected:
Please see Microsoft Security Advisory CVE 2024-0056 | .NET Information Disclosure Vulnerability.
Please Note: Customers running applications that install either System.Data.SqlClient.dll or Microsoft.Data.SqlClient.dll should contact the application developer for application updates.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
A successful attack could exploit a vulnerability in the SQL Data Provider which allows the attacker to exploit the SQL Server.
What security feature is bypassed with this vulnerability?
An attacker might be able to evade the encryption used in a TLS connection.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Security Feature Bypass, Repudiation |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-0056 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 6.0 | 5033733 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.26 | Maybe | None |
.NET 7.0 | 5033734 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
7.0.15 | Maybe | None |
.NET 8.0 | 5033741 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
8.0.1 | Maybe | None |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034280 (Monthly Rollup) 5034270 (Security Only) |
Important | Security Feature Bypass | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
3.0.50727.8976 | Maybe | None | |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5034280 (Monthly Rollup) 5034270 (Security Only) |
Important | Security Feature Bypass | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
3.0.50727.8976 | Maybe | None | |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems | 5034275 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems | 5034275 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems | 5034275 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems | 5034276 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems | 5034276 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 | 5034272 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) | 5034272 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems | 5034275 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems | 5034275 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems | 5034276 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems | 5034276 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems | 5034275 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems | 5033920 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems | 5033920 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems | 5033920 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 | 5034272 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) | 5034272 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) | 5034272 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034269 (Security Only) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.7.04081.02 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034269 (Security Only) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.7.04081.02 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 5034278 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 5034278 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 5034279 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
3.0.50727.8976 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 5034279 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
3.0.50727.8976 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 5033910 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 5033910 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034277 (Monthly Rollup) 5034269 (Security Only) |
Important | Security Feature Bypass | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 4.8.04690.01 |
Maybe | None | |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034277 (Monthly Rollup) 5034269 (Security Only) |
Important | Security Feature Bypass | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 4.8.04690.01 |
Maybe | None | |
Microsoft .NET Framework 4.8 on Windows Server 2012 | 5034278 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 5034278 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 5034279 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 5034279 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2016 | 5033910 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 5033910 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft SQL Server 2022 for x64-based Systems (CU 10) | 5033592 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
16.0.4100.1 | Yes | None |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5032968 (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
16.0.1110.1 | Yes | None |
Microsoft Visual Studio 2022 version 17.2 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
17.2.23 | Maybe | None |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
17.4.15 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
17.6.11 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
17.8.4 | Maybe | None |
Microsoft.Data.SqlClient 2.1 | Release Notes (Security Update) | Important | Repudiation | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
2.1.7 | No | None |
Microsoft.Data.SqlClient 3.1 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
3.1.5 | No | None |
Microsoft.Data.SqlClient 4.0 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.0.5 | No | None |
Microsoft.Data.SqlClient 5.1 | Release Notes (Security Update) | Important | Repudiation | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
5.1.3 | No | None |
System.Data.SqlClient | Release Notes (Security Update) | Important | Repudiation | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
4.8.6 | No | None |
CVE ID | Acknowledgements |
CVE-2024-0056 | Vishal Mishra and Anita Gaud with Microsoft's Azure DevSec Variant Hunt Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-0057
MITRE NVD Issuing CNA: Microsoft |
CVE Title: NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.1/TemporalScore:8.2
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggering a bug in the framework. The framework will correctly report that X.509 chain building failed, but it will return an incorrect reason code for the failure. Applications which utilize this reason code to make their own chain building trust decisions may inadvertently treat this scenario as a successful chain build. This could allow an adversary to subvert the app's typical authentication logic. How could an attacker exploit this vulnerability? An attacker could exploit this by creating a specially crafted X.509 certificate that intentionally introduces or induces a chain building failure. Is there a reason for such a high CVSS score? Yes, the CVSS scoring guide recommends using a reasonable worst-case implementation scenario when scoring vulnerabilities in software libraries. Vulnerabilities in .NET Framework and similar products are scored with this advice in mind. The score for your implementation of this product may not be as severe; however, we recommend installing the update as soon as possible out of an abundance of caution. Please see the CVSS user guide for more information. Mitigations: None Workarounds: None Revision: 1.0 09-Jan-24 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-0057 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 6.0 | 5033733 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
6.0.26 | Maybe | None |
.NET 7.0 | 5033734 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
7.0.15 | Maybe | None |
.NET 8.0 | 5033741 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
8.0.1 | Maybe | None |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034280 (Monthly Rollup) 5034270 (Security Only) |
Important | Security Feature Bypass | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
3.0.50727.8976 | Maybe | None | |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5034280 (Monthly Rollup) 5034270 (Security Only) |
Important | Security Feature Bypass | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
3.0.50727.8976 | Maybe | None | |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034280 (Monthly Rollup) 5034270 (Security Only) |
Important | Security Feature Bypass | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
3.0.50727.8976 | Maybe | None | |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5034280 (Monthly Rollup) 5034270 (Security Only) |
Important | Security Feature Bypass | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
3.0.50727.8976 | Maybe | None | |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems | 5034275 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems | 5034275 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems | 5034275 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems | 5034276 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems | 5034276 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 5034273 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 | 5034272 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) | 5034272 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems | 5034275 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems | 5033920 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems | 5034274 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems | 5034276 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems | 5034276 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems | 5033920 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems | 5033920 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems | 5033920 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems | 5033920 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 | 5034272 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) | 5034272 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) | 5034272 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034269 (Security Only) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.7.04081.02 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034269 (Security Only) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.7.04081.02 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 5034278 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 5034278 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 5034279 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
3.0.50727.8976 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 5034279 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
3.0.50727.8976 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 5033910 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 5033910 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034277 (Monthly Rollup) 5034269 (Security Only) |
Important | Security Feature Bypass | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 4.8.04690.01 |
Maybe | None | |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034277 (Monthly Rollup) 5034269 (Security Only) |
Important | Security Feature Bypass | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 4.8.04690.01 |
Maybe | None | |
Microsoft .NET Framework 4.8 on Windows Server 2012 | 5034278 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 5034278 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 5034279 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 5034279 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2016 | 5033910 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 5033910 (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft Visual Studio 2022 version 17.2 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
17.2.23 | Maybe | None |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
17.4.15 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
17.6.11 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
17.8.4 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-0057 | Vishal Mishra and Anita Gaud with Microsoft's Azure DevSec Variant Hunt Team and Stav Nir from Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20652
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows HTML Platforms Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
The MapURLToZone method could be bypassed by an attacker if the API returned a Zone value of 'Intranet' by passing a URL with a device path to the Lanman redirector device object. The same is true of the WebDAV device.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20652 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Security Feature Bypass | 5033379 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Security Feature Bypass | 5033379 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Security Feature Bypass | 5033369 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Security Feature Bypass | 5033369 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) 5034120 (IE Cumulative) |
Important | Security Feature Bypass | 5033433 5033420 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 1.001 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) 5034120 (IE Cumulative) |
Important | Security Feature Bypass | 5033433 5033420 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 1.001 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034120 (IE Cumulative) 5034184 (Monthly Rollup) |
Important | Security Feature Bypass | 5033420 5033429 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.2.9200.24664 |
Yes | None |
Windows Server 2012 (Server Core installation) | 5034120 (IE Cumulative) 5034184 (Monthly Rollup) |
Important | Security Feature Bypass | 5033420 5033429 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.2.9200.24664 |
Yes | None |
Windows Server 2012 R2 | 5034120 (IE Cumulative) 5034171 (Monthly Rollup) |
Important | Security Feature Bypass | 5033420 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.3.9600.21765 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034120 (IE Cumulative) 5034171 (Monthly Rollup) |
Important | Security Feature Bypass | 5033420 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.001 6.3.9600.21765 |
Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Security Feature Bypass | 5033118 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Security Feature Bypass | 5033118 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Security Feature Bypass | 5033383 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20652 | Ben Barnea with Akamai Technologies |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20653
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Common Log File System Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20653 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Unknown | Unknown | 5033422 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Unknown | Unknown | 5033422 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Unknown | Unknown | 5033422 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Unknown | Unknown | 5033422 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Unknown | Unknown | 5033433 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Unknown | Unknown | 5033433 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Unknown | Unknown | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Unknown | Unknown | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Unknown | Unknown | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Unknown | Unknown | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20653 | Tianyao Xu (@sat0rn3); Sangjun Park with 우리 오늘부터 0-day? (BoB 12th); Jongseong Kim with 우리 오늘부터 0-day? (BoB 12th); Byunghyun Kang with 우리 오늘부터 0-day? (BoB 12th); Yunjin Park with 우리 오늘부터 0-day? (BoB 12th); Kwon Yul with 우리 오늘부터 0-day? (BoB 12th); Seungchan Kim with 우리 오늘부터 0-day? (BoB 12th); Sangjun Park, Jongseong Kim, Byunghyun Kang, Yunjin Park, Kwon Yul and Seungchan Kim with 우리 오늘부터 0-day? (BoB 12th) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20655
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
To successfully exploit this vulnerability the attacker must be an authenticated user that is granted the "manage online responder" permission. This permission defines who can use the Online Responder snap-in to modify the configuration of the Online Responder, and should be granted very selectively.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20655 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Remote Code Execution | 5033422 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Remote Code Execution | 5033422 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Remote Code Execution | 5033422 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Remote Code Execution | 5033422 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Remote Code Execution | 5033433 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Remote Code Execution | 5033433 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Remote Code Execution | 5033429 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Remote Code Execution | 5033429 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Remote Code Execution | 5033420 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Remote Code Execution | 5033420 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Remote Code Execution | 5033383 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20655 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20656
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20656
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Visual Studio 2015 Update 3 | 5030979 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.27560.00 | Maybe | None |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.9.59 | Maybe | None |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.11.33 | Maybe | None |
Microsoft Visual Studio 2022 version 17.2 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.2.23 | Maybe | None |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.4.15 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.11 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-20656 | Filip Dragović |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20660
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20660
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20660 | Yuki Chen with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20661
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20661
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Denial of Service | 5033379 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Denial of Service | 5033379 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Denial of Service | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Denial of Service | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Denial of Service | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Denial of Service | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Denial of Service | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Denial of Service | 5033369 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Denial of Service | 5033369 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Denial of Service | 5033375 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Denial of Service | 5033375 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Denial of Service | 5033375 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Denial of Service | 5033375 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Denial of Service | 5033422 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Denial of Service | 5033422 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Denial of Service | 5033422 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Denial of Service | 5033422 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Denial of Service | 5033433 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Denial of Service | 5033433 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Denial of Service | 5033429 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Denial of Service | 5033429 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Denial of Service | 5033420 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Denial of Service | 5033420 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Denial of Service | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Denial of Service | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Denial of Service | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Denial of Service | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Denial of Service | 5033118 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Denial of Service | 5033118 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Denial of Service | 5033383 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20661 | bee13oy with Cyber Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20662
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.3
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is remote heap memory.
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? To successfully exploit this vulnerability the attacker must be an authenticated user that is granted the "manage online responder" permission. This permission defines who can use the Online Responder snap-in to modify the configuration of the Online Responder, and should be granted very selectively.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20662
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20662 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20663
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Message Queuing Client (MSMQC) Information Disclosure
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20663
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Information Disclosure | 5033422 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Information Disclosure | 5033422 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Information Disclosure | 5033422 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Information Disclosure | 5033422 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) | Important | Information Disclosure | 5033433 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.26910 | Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) | Important | Information Disclosure | 5033433 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.26910 | Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20663 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20664
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20664 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Information Disclosure | 5033422 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Information Disclosure | 5033422 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Information Disclosure | 5033422 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Information Disclosure | 5033422 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) | Important | Information Disclosure | 5033433 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.26910 | Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) | Important | Information Disclosure | 5033433 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.26910 | Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20664 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21316
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Server Key Distribution Service Security Feature Bypass
CVSS: CVSS:3.1 Highest BaseScore:6.1/TemporalScore:5.3
Executive Summary: None
FAQ: How can an attacker successfully exploit this vulnerability? This vulnerability can be exploited when an attacker with admin privileges creates an x509 certificate with an MD5 property, which causes certificate validation to fail with no further validation checks.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21316 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Security Feature Bypass | 5033369 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Security Feature Bypass | 5033369 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2016 | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Security Feature Bypass | 5033118 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Security Feature Bypass | 5033118 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Security Feature Bypass | 5033383 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21316 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20681
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20681 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2022 | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20681 | bframer12@live.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20686
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20686 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20686 | esakis |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20687
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft AllJoyn API Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20687
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Denial of Service | 5033379 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Denial of Service | 5033379 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Denial of Service | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Denial of Service | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Denial of Service | 5033371 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Denial of Service | 5033371 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Denial of Service | 5033371 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Denial of Service | 5033369 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Denial of Service | 5033369 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Denial of Service | 5033375 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Denial of Service | 5033375 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Denial of Service | 5033375 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Denial of Service | 5033375 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2016 | 5034119 (Security Update) | Important | Denial of Service | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Denial of Service | 5033373 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Denial of Service | 5033371 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Denial of Service | 5033371 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Denial of Service | 5033118 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Denial of Service | 5033118 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Denial of Service | 5033383 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20687 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20692
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.7/TemporalScore:5.0
Executive Summary: None
FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by convincing, or waiting for, a user to connect to an Active Directory Domain Controller and then stealing network secrets. When the vulnerability is successfully exploited this could allow the attacker to retrieve sensitive data in plain-text which could be exploited for further attacks.
According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authorized attacker must be on the network to monitor domain network traffic (PR:L) while monitoring for user (UI:R) generated network traffic, or alternatively that attacker convinces an authenticated user to execute a malicious script, as a step to exploit this vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20692
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Information Disclosure | 5033422 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Information Disclosure | 5033422 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Information Disclosure | 5033422 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) | Important | Information Disclosure | 5033422 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22464 | Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) | Important | Information Disclosure | 5033433 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.26910 | Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) | Important | Information Disclosure | 5033433 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.26910 | Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20692 | Michael Grafnetter |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21306
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Bluetooth Driver Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.7/TemporalScore:5.0
Executive Summary: None
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In order to exploit this vulnerability, the victim must pair with the attacker's Bluetooth device.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21306
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Spoofing | 5033369 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Spoofing | 5033369 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2022 | 5034129 (Security Update) | Important | Spoofing | 5033118 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Spoofing | 5033118 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Spoofing | 5033383 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21306 | Marc Newlin with SkySafe |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21309
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21309
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2022 | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21309 | pwnht |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21310
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21310
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2019 | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21310 | Anonymous working with Trend Micro Zero Day Initiative Keqi Hu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21311
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cryptographic Services Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest Base Score: 5.5 / Temporal Score: 4.8
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
How could an attacker exploit this vulnerability? For successful exploitation, a locally authenticated attacker needs to send a specially crafted request to the cryptography provider's vulnerable function.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21311
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21311 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21312
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET Framework Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 6.7
Executive Summary: None
FAQ:
According to the CVSS metric, the privileges required is none (PR:N). What does that mean for this vulnerability? The score is based on websites/apps that are configured to allow anonymous access without authentication. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21312
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Denial of Service | 5033373 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Denial of Service | 5033373 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 5034273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems | 5034273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 5034273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 | 5034119 (Security Update) | Important | Denial of Service | 5033373 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Denial of Service | 5033373 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 5034273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 5034273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 5034273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 5034273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems | 5034274 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems | 5034274 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems | 5034274 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems | 5034275 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems | 5034275 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems | 5034275 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems | 5034276 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems | 5034276 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 5034273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 5034273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 | 5034272 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) | 5034272 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems | 5034274 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems | 5034274 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems | 5034274 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems | 5034275 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems | 5034275 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems | 5034274 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems | 5034276 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems | 5034276 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems | 5033920 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems | 5033920 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems | 5033920 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems | 5033920 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 | 5034272 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) | 5034272 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.09214.01 | Maybe | None |
Microsoft .NET Framework 3.5 on Windows Server 2012 | 5034278 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
3.0.50727.8976 | Maybe | None |
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) | 5034278 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
3.0.50727.8976 | Maybe | None |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 | 5034279 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
3.0.50727.8976 | Maybe | None |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) | 5034279 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
3.0.50727.8976 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034269 (Security Only) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.7.04081.02 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034269 (Security Only) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.7.04081.02 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 5034278 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 5034278 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.7.04081.03 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 5034279 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
3.0.50727.8976 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 5034279 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
3.0.50727.8976 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 5033910 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 5033910 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 | 5034278 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 5034278 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 5034279 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 5034279 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2016 | 5033910 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 5033910 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
4.8.04690.02 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-21312 | Karel Rymes |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21314
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest Base Score: 6.5 / Temporal Score: 5.7
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21314
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21314 | Yuki Chen with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21318
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
An authenticated attacker with Site Owner permission can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.
How could an attacker exploit the vulnerability?
In a network-based attack, an authenticated attacker, as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21318
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002541 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5430.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002539 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.10406.20000 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002540 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.10406.20000 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-21318 | Ngo Wei Lin, Billy Jheng Bing Jhong, Lê Hữu Quang Linh, Bruce Chen, Nguyễn Tiền Giang with STAR Labs SG Pte. Ltd. |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21319
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Identity Denial of service vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
The attacker must have access to the public encrypt key registered with the IDP (Entra ID) for successful exploitation.
How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by crafting a malicious JSON Web Encryption (JWE) token with a high compression ratio. This token, when processed by a server, leads to excessive memory allocation and processing time during decompression, causing a denial-of-service (DoS) condition. It's important to note that the attacker must have access to the public key registered with the IDP (AAD) for successful exploitation.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
A scope change (S:C) in the CVSS metric indicates that successful exploitation of this vulnerability could extend beyond the immediate processing of malicious tokens, affecting the overall availability of the system by causing a denial-of-service (DoS) condition.
Mitigations: None
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21319
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 6.0 | 5033733 (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.26 | Maybe | None |
.NET 7.0 | 5033734 (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 7.0.15 | Maybe | None |
.NET 8.0 | 5033741 (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 8.0.1 | Maybe | None |
Microsoft Identity Model v5.0.0 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 5.7.0 | Maybe | None |
Microsoft Identity Model v5.0.0 for Nuget | Release Notes (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 5.7.0 | Maybe | None |
Microsoft Identity Model v6.0.0 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.34.0 | Maybe | None |
Microsoft Identity Model v6.0.0 for Nuget | Release Notes (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.34.0 | Maybe | None |
Microsoft Identity Model v7.0.0 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 7.1.2 | Maybe | None |
Microsoft Identity Model v7.0.0 for Nuget | Release Notes (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 7.1.2 | Maybe | None |
Microsoft Visual Studio 2022 version 17.2 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 17.2.23 | Maybe | None |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 17.4.15 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 17.6.11 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | 17.8.4 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-21319 | Morgan Brown with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21320
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Themes Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.
Mitigations: Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation:
References:
Workarounds: None
Revision: 1.0 09-Jan-24 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21320
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Spoofing | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Spoofing | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Spoofing | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Spoofing | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Spoofing | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Spoofing | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Spoofing | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.3930 | Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Spoofing | 5033369 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Spoofing | 5033369 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.2713 | Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3007 | Yes | 5034123 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Spoofing | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Spoofing | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Spoofing | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Spoofing | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Spoofing | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Spoofing | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Spoofing | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Spoofing | 5033371 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.5329 | Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Spoofing | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Spoofing | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2227 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21320 | Tomer Peled with Akamai |