This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | .NET and Visual Studio | CVE-2024-0057 | NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability |
Microsoft | .NET Core & Visual Studio | CVE-2024-20672 | .NET Core and Visual Studio Denial of Service Vulnerability |
Microsoft | .NET Framework | CVE-2024-21312 | .NET Framework Denial of Service Vulnerability |
Microsoft | Azure Storage Mover | CVE-2024-20676 | Azure Storage Mover Remote Code Execution Vulnerability |
Microsoft | Microsoft Bluetooth Driver | CVE-2024-21306 | Microsoft Bluetooth Driver Spoofing Vulnerability |
Microsoft | Microsoft Devices | CVE-2024-21325 | Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-0222 | Chromium: CVE-2024-0222 Use after free in ANGLE |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-0223 | Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-0224 | Chromium: CVE-2024-0224 Use after free in WebAudio |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-0225 | Chromium: CVE-2024-0225 Use after free in WebGPU |
Microsoft | Microsoft Identity Services | CVE-2024-21319 | Microsoft Identity Denial of service vulnerability |
Microsoft | Microsoft Office | CVE-2024-20677 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-21318 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Virtual Hard Drive | CVE-2024-20658 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability |
Microsoft | Remote Desktop Client | CVE-2024-21307 | Remote Desktop Client Remote Code Execution Vulnerability |
Microsoft | SQL Server | CVE-2024-0056 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability |
MITRE Corporation | SQLite | CVE-2022-35737 | MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow |
Microsoft | Unified Extensible Firmware Interface | CVE-2024-21305 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability |
Microsoft | Visual Studio | CVE-2024-20656 | Visual Studio Elevation of Privilege Vulnerability |
Microsoft | Windows AllJoyn API | CVE-2024-20687 | Microsoft AllJoyn API Denial of Service Vulnerability |
Microsoft | Windows Authentication Methods | CVE-2024-20674 | Windows Kerberos Security Feature Bypass Vulnerability |
Microsoft | Windows BitLocker | CVE-2024-20666 | BitLocker Security Feature Bypass Vulnerability |
Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2024-21310 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Collaborative Translation Framework | CVE-2024-20694 | Windows CoreMessaging Information Disclosure Vulnerability |
Microsoft | Windows Common Log File System Driver | CVE-2024-20653 | Microsoft Common Log File System Elevation of Privilege Vulnerability |
Microsoft | Windows Cryptographic Services | CVE-2024-20682 | Windows Cryptographic Services Remote Code Execution Vulnerability |
Microsoft | Windows Cryptographic Services | CVE-2024-21311 | Windows Cryptographic Services Information Disclosure Vulnerability |
Microsoft | Windows Group Policy | CVE-2024-20657 | Windows Group Policy Elevation of Privilege Vulnerability |
Microsoft | Windows Hyper-V | CVE-2024-20699 | Windows Hyper-V Denial of Service Vulnerability |
Microsoft | Windows Hyper-V | CVE-2024-20700 | Windows Hyper-V Remote Code Execution Vulnerability |
Microsoft | Windows Kernel | CVE-2024-20698 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel-Mode Drivers | CVE-2024-21309 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Microsoft | Windows Libarchive | CVE-2024-20697 | Windows Libarchive Remote Code Execution Vulnerability |
Microsoft | Windows Libarchive | CVE-2024-20696 | Windows Libarchive Remote Code Execution Vulnerability |
Microsoft | Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-20692 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
Microsoft | Windows Message Queuing | CVE-2024-20660 | Microsoft Message Queuing Information Disclosure Vulnerability |
Microsoft | Windows Message Queuing | CVE-2024-20664 | Microsoft Message Queuing Information Disclosure Vulnerability |
Microsoft | Windows Message Queuing | CVE-2024-20680 | Windows Message Queuing Client (MSMQC) Information Disclosure |
Microsoft | Windows Message Queuing | CVE-2024-20663 | Windows Message Queuing Client (MSMQC) Information Disclosure |
Microsoft | Windows Message Queuing | CVE-2024-21314 | Microsoft Message Queuing Information Disclosure Vulnerability |
Microsoft | Windows Message Queuing | CVE-2024-20661 | Microsoft Message Queuing Denial of Service Vulnerability |
Microsoft | Windows Nearby Sharing | CVE-2024-20690 | Windows Nearby Sharing Spoofing Vulnerability |
Microsoft | Windows ODBC Driver | CVE-2024-20654 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
Microsoft | Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2024-20662 | Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability |
Microsoft | Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2024-20655 | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability |
Microsoft | Windows Scripting | CVE-2024-20652 | Windows HTML Platforms Security Feature Bypass Vulnerability |
Microsoft | Windows Server Key Distribution Service | CVE-2024-21316 | Windows Server Key Distribution Service Security Feature Bypass |
Microsoft | Windows Subsystem for Linux | CVE-2024-20681 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Microsoft | Windows TCP/IP | CVE-2024-21313 | Windows TCP/IP Information Disclosure Vulnerability |
Microsoft | Windows Themes | CVE-2024-20691 | Windows Themes Information Disclosure Vulnerability |
Microsoft | Windows Themes | CVE-2024-21320 | Windows Themes Spoofing Vulnerability |
Microsoft | Windows Win32 Kernel Subsystem | CVE-2024-20686 | Win32k Elevation of Privilege Vulnerability |
Microsoft | Windows Win32K | CVE-2024-20683 | Win32k Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-0222
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-0222 Use after free in ANGLE
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-Jan-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-0222 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
120.0.2210.121 | No | None |
CVE ID | Acknowledgements |
CVE-2024-0222 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-0223
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-Jan-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-0223 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
120.0.2210.121 | No | None |
CVE ID | Acknowledgements |
CVE-2024-0223 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-0224
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-0224 Use after free in WebAudio
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-Jan-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-0224 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
120.0.2210.121 | No | None |
CVE ID | Acknowledgements |
CVE-2024-0224 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-0225
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-0225 Use after free in WebGPU
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    05-Jan-24     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-0225 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
120.0.2210.121 | No | None |
CVE ID | Acknowledgements |
CVE-2024-0225 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20666
MITRE NVD Issuing CNA: Microsoft |
CVE Title: BitLocker Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. Are there additional steps that I need to take to be protected from this vulnerability? Depending on the version of Windows you are running, you may need to take additional steps to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. For the latest of Windows the process of updating WinRE is now fully automated. The following versions of Windows require no additional steps as WinRE will be updated as a part of Latest Cumulative Update if you are getting updates from Windows Update and WSUS.:
For the following Windows versions an automated solution is available. For devices using Windows Update no further action is needed. If you are using WSUS simply approve the standalone update in WSUS:
If your version of Windows is not listed above, you can download the latest Windows Safe OS Dynamic Update from the Microsoft Update Catalog. You can then apply the WinRE update, see Add an update package to Windows RE. To automate your installation Microsoft has developed a sample script that can help you automate updating WinRE from the running Windows OS. Please see KB5034957: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2024-20666 for more information. Can a bootable Windows ISO or USB flash drive that boot to Windows RE be used to exploit this vulnerability? No. The exploit is only possible with the winre.wim on the recovery partition of the device. Can a vulnerable version of WinRE WIM file be used to exploit this vulnerability? No. A BitLocker encrypted drive cannot be accessed via an arbitrary WinRE WIM file hosted on an external drive. Please complete all steps in Microsoft Learn | Add an Update to Windows RE | Apply the update to a running PC to ensure that the updated Windows RE image is turned on and correctly configured for your Windows installation. If TPM+PIN BitLocker protectors are being used, can the vulnerability be exploited if the attacker does not know the TPM PIN? No. To exploit the vulnerability the attacker needs to know the TPM PIN if the user is protected by the BitLocker TPM+PIN. How do I check whether WinRE has successfully updated? Follow all steps in complete all steps in Microsoft Learn | Check the WinRE image version to ensure that the updated Windows RE image is updated to the current ServicePackBuild. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20666 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Security Feature Bypass | 5033379 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Security Feature Bypass | 5033379 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Security Feature Bypass | 5033372 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Security Feature Bypass | 5033369 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Security Feature Bypass | 5033369 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Security Feature Bypass | 5033375 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2016 | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Security Feature Bypass | 5033373 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Security Feature Bypass | 5033371 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Security Feature Bypass | 5033118 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Security Feature Bypass | 5033118 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Security Feature Bypass | 5033383 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20666 | Zammis Clark |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20674
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.0/TemporalScore:7.8
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? The authentication feature could be bypassed as this vulnerability allows impersonation. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities. How could an attacker exploit this vulnerability? An unauthenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server. According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Critical | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20674 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Critical | Security Feature Bypass | 5033379 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Critical | Security Feature Bypass | 5033379 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Critical | Security Feature Bypass | 5033373 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Critical | Security Feature Bypass | 5033373 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Critical | Security Feature Bypass | 5033371 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Critical | Security Feature Bypass | 5033371 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Critical | Security Feature Bypass | 5033371 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Critical | Security Feature Bypass | 5033372 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Critical | Security Feature Bypass | 5033372 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Critical | Security Feature Bypass | 5033372 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Critical | Security Feature Bypass | 5033372 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Critical | Security Feature Bypass | 5033372 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Critical | Security Feature Bypass | 5033372 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Critical | Security Feature Bypass | 5033369 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Critical | Security Feature Bypass | 5033369 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Critical | Security Feature Bypass | 5033375 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Critical | Security Feature Bypass | 5033375 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Critical | Security Feature Bypass | 5033375 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Critical | Security Feature Bypass | 5033375 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Critical | Security Feature Bypass | 5033422 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Critical | Security Feature Bypass | 5033422 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Critical | Security Feature Bypass | 5033422 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Critical | Security Feature Bypass | 5033422 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Critical | Security Feature Bypass | 5033433 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Critical | Security Feature Bypass | 5033433 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Critical | Security Feature Bypass | 5033429 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Critical | Security Feature Bypass | 5033429 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Critical | Security Feature Bypass | 5033420 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Critical | Security Feature Bypass | 5033420 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Critical | Security Feature Bypass | 5033373 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Critical | Security Feature Bypass | 5033373 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Critical | Security Feature Bypass | 5033371 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Critical | Security Feature Bypass | 5033371 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Critical | Security Feature Bypass | 5033118 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Critical | Security Feature Bypass | 5033118 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Critical | Security Feature Bypass | 5033383 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20674 | ldwilmore34 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20677
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. 3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time. This change is effective as of the January 9, 2024 security update. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment. Where can I find more information? Please see the Microsoft Support Blog Post relating to the disablement of the ability to insert FBX (.fbx files) here: https://prod.support.services.microsoft.com/en-us/topic/9f2387f1-84ec-496a-a288-2c6f774db219 Are the updates for the Microsoft Office 2021 for Mac currently available? The security update for Microsoft Office 2021 for Mac is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20677 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC for Mac 2021 | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-20677 | Kim Dong-Uk (@justlikebono) HAO LI of VenusTech ADLab Anonymous Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20676
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Storage Mover Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.0/TemporalScore:7.0
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H) and the privileges required is high (PR:H). What does this mean for this vulnerability? For a successful exploitation, the attacker would need some key information like ARMID and UUID of the installed agent as pre-requisite. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this situation a successful exploit could let attacker gain access to the network where the agent is installed which could lead to accessing to other assets in that network. How could an attacker exploit this vulnerability? An attacker who has performed the exploit successfully would be able to gain access to the installed agent and could perform remote code execution. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20676 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Storage Mover Agent | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.0.430 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-20676 | Shahar Zelig with Microsoft Oran Moyal with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20654
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft ODBC Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.0/TemporalScore:7.0
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable). According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Successful exploitation of this vulnerability simply requires the attacker or targeted user to leverage a Microsoft Access application to automatically talk to a SQL Server while utilizing a remote SQL Server address that they control. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the client receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20654 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Remote Code Execution | 5033379 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Remote Code Execution | 5033379 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Remote Code Execution | 5033422 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Remote Code Execution | 5033422 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Remote Code Execution | 5033422 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Remote Code Execution | 5033422 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Remote Code Execution | 5033433 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Remote Code Execution | 5033433 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Remote Code Execution | 5033429 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Remote Code Execution | 5033429 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Remote Code Execution | 5033420 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Remote Code Execution | 5033420 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Remote Code Execution | 5033383 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20654 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20657
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Group Policy Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20657 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Elevation of Privilege | 5033422 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Elevation of Privilege | 5033422 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Elevation of Privilege | 5033422 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Elevation of Privilege | 5033422 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Elevation of Privilege | 5033433 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Elevation of Privilege | 5033433 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Elevation of Privilege | 5033429 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Elevation of Privilege | 5033429 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Elevation of Privilege | 5033420 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Elevation of Privilege | 5033420 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20657 | Tyler Price with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20658
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges an attacker could gain with a successful exploitation? An attacker who successfully exploited this vulnerability could gain privilege escalation in the processing of .vhdx files in the Windows Kernel. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20658 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Elevation of Privilege | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Elevation of Privilege | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Elevation of Privilege | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Elevation of Privilege | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20658 | Tianyao Xu(@sat0rn3) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20680
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Message Queuing Client (MSMQC) Information Disclosure
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20680 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Information Disclosure | 5033422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20680 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20682
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cryptographic Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20682 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Remote Code Execution | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Remote Code Execution | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Remote Code Execution | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Remote Code Execution | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Remote Code Execution | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Remote Code Execution | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Remote Code Execution | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Remote Code Execution | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20682 | 0poss with Thalium Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20683
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20683 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Elevation of Privilege | 5033379 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Elevation of Privilege | 5033422 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Elevation of Privilege | 5033422 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Elevation of Privilege | 5033422 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5034173 (Monthly Rollup) 5034176 (Security Only) |
Important | Elevation of Privilege | 5033422 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22464 |
Yes | 5034173 5034176 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Elevation of Privilege | 5033433 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Elevation of Privilege | 5033433 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Elevation of Privilege | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Elevation of Privilege | 5033429 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Elevation of Privilege | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Elevation of Privilege | 5033420 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Elevation of Privilege | 5033373 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20683 | jackery |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20690
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Nearby Sharing Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.9
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability could be triggered when a malicious actor spoofs a machine with the same name that a user is searching for. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20690 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Spoofing | 5033371 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Spoofing | 5033371 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Spoofing | 5033371 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Spoofing | 5033372 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Spoofing | 5033369 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Spoofing | 5033369 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Spoofing | 5033375 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
CVE ID | Acknowledgements |
CVE-2024-20690 | Crypto Board |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20691
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Themes Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20691 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 for x64-based Systems | 5034134 (Security Update) | Important | Information Disclosure | 5033379 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20402 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5034169 (Monthly Rollup) 5034167 (Security Only) |
Important | Information Disclosure | 5033433 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.26910 |
Yes | 5034169 5034167 |
Windows Server 2012 | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 (Server Core installation) | 5034184 (Monthly Rollup) | Important | Information Disclosure | 5033429 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24664 | Yes | None |
Windows Server 2012 R2 | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5034171 (Monthly Rollup) | Important | Information Disclosure | 5033420 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.21765 | Yes | None |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20691 | R4nger & Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20694
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows CoreMessaging Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20694 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Information Disclosure | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Information Disclosure | 5033369 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Information Disclosure | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2016 | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2016 (Server Core installation) | 5034119 (Security Update) | Important | Information Disclosure | 5033373 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.6614 | Yes | None |
Windows Server 2019 | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Information Disclosure | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Information Disclosure | 5033118 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Information Disclosure | 5033383 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20694 | R4nger & Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-35737
MITRE NVD Issuing CNA: MITRE Corporation |
CVE Title: MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow
CVSS: None Executive Summary: None FAQ: Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)? CVE-2022-35737 is regarding a vulnerability in SQLite. MITRE assigned this CVE number on behalf of the SQLite organization. Microsoft has included the updated library in Windows that addresses this vulnerability. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-35737 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
CBL Mariner 1.0 ARM | sqlite (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.34.1-2 | Unknown | None |
CBL Mariner 1.0 x64 | sqlite (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.34.1-2 | Unknown | None |
CBL Mariner 2.0 ARM | sqlite (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.39.2-1 | Unknown | None |
CBL Mariner 2.0 x64 | sqlite (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.39.2-1 | Unknown | None |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.19045.3930 |
Yes | 5034122 |
Windows Server 2019 | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: N/A Temporal: N/A Vector: N/A |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: N/A Temporal: N/A Vector: N/A |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: N/A Temporal: N/A Vector: N/A |
10.0.20348.2227 | Yes | None |
CVE ID | Acknowledgements |
CVE-2022-35737 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20696
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Libarchive Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authorized attacker with guest privileges must send a victim a malicious site and convince them to open it. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20696 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Remote Code Execution | 5033372 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Remote Code Execution | 5033369 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2019 | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Remote Code Execution | 5033371 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Remote Code Execution | 5033118 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Remote Code Execution | 5033383 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20696 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20697
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Libarchive Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authorized attacker with guest privileges must send a victim a malicious site and convince them to open it. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20697 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Remote Code Execution | 5033375 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Remote Code Execution | 5033383 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20697 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20698
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20698 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for ARM64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for 32-bit Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for ARM64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Elevation of Privilege | 5033372 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for ARM64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Elevation of Privilege | 5033369 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for ARM64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Elevation of Privilege | 5033375 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2019 | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Elevation of Privilege | 5033371 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Elevation of Privilege | 5033118 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Elevation of Privilege | 5033383 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20698 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20699
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could run a specially crafted application on a vulnerable Hyper-V guest to exploit this vulnerability which, if successful, could potentially interact with processes of another Hyper-V guest hosted on the same Hyper-V host. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20699 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Important | Denial of Service | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.3930 |
Yes | 5034122 |
Windows 10 Version 22H2 for x64-based Systems | 5034122 (Security Update) | Important | Denial of Service | 5033372 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.3930 |
Yes | 5034122 |
Windows 11 version 21H2 for x64-based Systems | 5034121 (Security Update) | Important | Denial of Service | 5033369 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2713 |
Yes | 5034121 |
Windows 11 Version 22H2 for x64-based Systems | 5034123 (Security Update) | Important | Denial of Service | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3007 |
Yes | 5034123 |
Windows 11 Version 23H2 for x64-based Systems | 5034123 (Security Update) | Important | Denial of Service | 5033375 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3007 |
Yes | 5034123 |
Windows Server 2019 | 5034127 (Security Update) | Important | Denial of Service | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2019 (Server Core installation) | 5034127 (Security Update) | Important | Denial of Service | 5033371 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows Server 2022 | 5034129 (Security Update) | Important | Denial of Service | 5033118 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022 (Server Core installation) | 5034129 (Security Update) | Important | Denial of Service | 5033118 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2227 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5034130 (Security Update) | Important | Denial of Service | 5033383 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.643 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-20699 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-20700
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack. Mitigations: None Workarounds: None Revision: 1.0    09-Jan-24     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20700 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for x64-based Systems | 5034127 (Security Update) | Critical | Remote Code Execution | 5033371 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5329 |
Yes | 5034127 |
Windows 10 Version 21H2 for x64-based Systems | 5034122 (Security Update) | Critical | <