This report contains detail for the following vulnerabilities:
| CVE Issued by | Tag | CVE ID | CVE Title |
|---|---|---|---|
| Microsoft | .NET and Visual Studio | CVE-2024-43499 | .NET and Visual Studio Denial of Service Vulnerability |
| Microsoft | .NET and Visual Studio | CVE-2024-43498 | .NET and Visual Studio Remote Code Execution Vulnerability |
| Microsoft | Airlift.microsoft.com | CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability |
| Microsoft | Azure CycleCloud | CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability |
| Microsoft | LightGBM | CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47689 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47681 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47682 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47683 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47684 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47691 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47697 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47692 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47698 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47690 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47673 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-36478 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46849 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46710 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-35857 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-35823 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27017 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46857 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47672 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47671 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47674 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46855 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46858 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46859 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47699 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47752 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47753 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49851 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47744 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47750 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47751 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49850 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49859 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49860 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49875 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49853 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49852 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49858 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47742 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47710 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47716 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47718 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47700 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47707 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47709 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47719 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47734 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47735 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47743 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47720 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47730 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47731 | Unknown |
| security@golang.org | Mariner | CVE-2023-3978 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43829 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42246 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-28180 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-39129 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-39128 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42297 | Unknown |
| security@php.net | Mariner | CVE-2024-8925 | Unknown |
| security@php.net | Mariner | CVE-2024-9026 | Unknown |
| security@golang.org | Mariner | CVE-2023-45288 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43897 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47755 | Unknown |
| security@php.net | Mariner | CVE-2024-8926 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49965 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49976 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49986 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-44952 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49894 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49954 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50006 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49977 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49988 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50008 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49867 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49901 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49967 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26940 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27393 | Unknown |
| security@apache.org | Mariner | CVE-2023-38709 | Unknown |
| secalert@redhat.com | Mariner | CVE-2022-32746 | Unknown |
| secalert@redhat.com | Mariner | CVE-2021-20277 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-1393 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27005 | Unknown |
| cve@mitre.org | Mariner | CVE-2022-28506 | Unknown |
| cve@kernel.org | Mariner | CVE-2024-27397 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27436 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-33875 | Unknown |
| ykramarz@cisco.com | Mariner | CVE-2024-20505 | Unknown |
| ykramarz@cisco.com | Mariner | CVE-2024-20506 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-5981 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-38577 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43884 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-39130 | Unknown |
| 2499f714-1537-4658-8207-48ae4bb9eae9 | Mariner | CVE-2024-8096 | Unknown |
| security@hashicorp.com | Mariner | CVE-2024-6104 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43892 | Unknown |
| cve@mitre.org | Mariner | CVE-2007-4559 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27058 | Unknown |
| secalert@redhat.com | Mariner | CVE-2020-27840 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43905 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-44946 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-44974 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49989 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49987 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50000 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49981 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49983 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49992 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49995 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50007 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-49761 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50013 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50005 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50002 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50012 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49953 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49958 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49955 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49903 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49924 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49930 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49957 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49966 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49975 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49978 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49962 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49960 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49963 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49985 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49980 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49982 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49950 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49969 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49973 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49996 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50003 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49997 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50015 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49993 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49991 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50001 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49868 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49884 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49890 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50093 | Unknown |
| security@golang.org | Mariner | CVE-2023-39325 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49870 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49883 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49959 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49961 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49936 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49889 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49929 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49931 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50057 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50058 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50064 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50044 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50055 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50049 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-48795 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21096 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21125 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21135 | Unknown |
| security@tcpdump.org | Mariner | CVE-2023-7256 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-31852 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-20996 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49913 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49912 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50019 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49874 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49877 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49879 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50022 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50041 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50040 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50045 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50031 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50032 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50033 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21247 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-43167 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-25629 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21230 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21241 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21239 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-43790 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49881 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49900 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49895 | Unknown |
| sep@nlnetlabs.nl | Mariner | CVE-2024-8508 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49882 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49892 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21165 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21171 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21173 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21142 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21157 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21166 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21198 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21213 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21218 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21219 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21197 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21201 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21199 | Unknown |
| security@apache.org | Mariner | CVE-2024-47554 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47679 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46864 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47670 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47675 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47685 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47686 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47678 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46860 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27012 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26596 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2023-52917 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46853 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46861 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46852 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46854 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47715 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47714 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47712 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47713 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47727 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47723 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47728 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47706 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47695 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47693 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47688 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47696 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47704 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47701 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47705 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27028 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43853 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-41098 | Unknown |
| security@golang.org | Mariner | CVE-2022-32149 | Unknown |
| security@php.net | Mariner | CVE-2024-8927 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-31228 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-28182 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46863 | Unknown |
| security@golang.org | Mariner | CVE-2024-24786 | Unknown |
| security@apache.org | Mariner | CVE-2023-49582 | Unknown |
| openssl-security@openssl.org | Mariner | CVE-2023-6237 | Unknown |
| 2499f714-1537-4658-8207-48ae4bb9eae9 | Mariner | CVE-2024-2398 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-38588 | Unknown |
| security@tcpdump.org | Mariner | CVE-2024-8006 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42228 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-38381 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-50602 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-1981 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-45866 | Unknown |
| cve-coordination@google.com | Mariner | CVE-2024-2410 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-48161 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-28834 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-28835 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26950 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-31951 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-27282 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-31449 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32607 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-30203 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27037 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27435 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47739 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21129 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21127 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21134 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21163 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21162 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21159 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21160 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21130 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50062 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50059 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50061 | Unknown |
| support@hackerone.com | Mariner | CVE-2023-46219 | Unknown |
| 2499f714-1537-4658-8207-48ae4bb9eae9 | Mariner | CVE-2024-2004 | Unknown |
| support@hackerone.com | Mariner | CVE-2023-46218 | Unknown |
| cve-coordination@google.com | Mariner | CVE-2022-1941 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-42934 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21237 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21231 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-22365 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-47814 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50016 | Unknown |
| 2499f714-1537-4658-8207-48ae4bb9eae9 | Mariner | CVE-2024-7264 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21238 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21194 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21193 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21196 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21212 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21236 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21207 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21203 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50048 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49856 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47757 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47754 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49854 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49871 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49863 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49855 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47756 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47737 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47738 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47741 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47745 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47748 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47747 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-47749 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50038 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50039 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50023 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50036 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50046 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50047 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50035 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50029 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49905 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49862 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49861 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49907 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50024 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50026 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49896 | Unknown |
| OpenSSL | Microsoft Defender for Endpoint | CVE-2024-5535 | OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-10826 | Chromium: CVE-2024-10826 Use after free in Family Experiences |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-10827 | Chromium: CVE-2024-10827 Use after free in Serial |
| Microsoft | Microsoft Exchange Server | CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability |
| Microsoft | Microsoft Graphics Component | CVE-2024-49031 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| Microsoft | Microsoft Graphics Component | CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Excel | CVE-2024-49029 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Excel | CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Excel | CVE-2024-49027 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Excel | CVE-2024-49028 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Excel | CVE-2024-49030 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office SharePoint | ADV240001 | Microsoft SharePoint Server Defense in Depth Update |
| Microsoft | Microsoft Office Word | CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability |
| Microsoft | Microsoft PC Manager | CVE-2024-49051 | Microsoft PC Manager Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Virtual Hard Drive | CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability |
| Microsoft | Microsoft Windows DNS | CVE-2024-43450 | Windows DNS Spoofing Vulnerability |
| Microsoft | Role: Windows Active Directory Certificate Services | CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability |
| Microsoft | Role: Windows Hyper-V | CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability |
| Microsoft | Role: Windows Hyper-V | CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability |
| Microsoft | SQL Server | CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability |
| Microsoft | TorchGeo | CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability |
| Microsoft | Visual Studio | CVE-2024-49044 | Visual Studio Elevation of Privilege Vulnerability |
| Microsoft | Visual Studio Code | CVE-2024-49050 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| Microsoft | Visual Studio Code | CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability |
| Microsoft | Windows CSC Service | CVE-2024-43644 | Windows Client-Side Caching Elevation of Privilege Vulnerability |
| Microsoft | Windows Defender Application Control (WDAC) | CVE-2024-43645 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability |
| Microsoft | Windows DWM Core Library | CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability |
| Microsoft | Windows DWM Core Library | CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| Microsoft | Windows Kerberos | CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability |
| Microsoft | Windows Kernel | CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft | Windows NT OS Kernel | CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability |
| Microsoft | Windows NTLM | CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability |
| Microsoft | Windows Package Library Manager | CVE-2024-38203 | Windows Package Library Manager Information Disclosure Vulnerability |
| Microsoft | Windows Registry | CVE-2024-43641 | Windows Registry Elevation of Privilege Vulnerability |
| Microsoft | Windows Registry | CVE-2024-43452 | Windows Registry Elevation of Privilege Vulnerability |
| Microsoft | Windows Secure Kernel Mode | CVE-2024-43631 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| Microsoft | Windows Secure Kernel Mode | CVE-2024-43646 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| Microsoft | Windows Secure Kernel Mode | CVE-2024-43640 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows SMB | CVE-2024-43642 | Windows SMB Denial of Service Vulnerability |
| Microsoft | Windows SMBv3 Client/Server | CVE-2024-43447 | Windows SMBv3 Server Remote Code Execution Vulnerability |
| Microsoft | Windows Task Scheduler | CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2024-43628 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2024-43621 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2024-43620 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2024-43627 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2024-43635 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2024-43622 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2024-43626 | Windows Telephony Service Elevation of Privilege Vulnerability |
| Microsoft | Windows Update Stack | CVE-2024-43530 | Windows Update Stack Elevation of Privilege Vulnerability |
| Microsoft | Windows USB Video Driver | CVE-2024-43643 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows USB Video Driver | CVE-2024-43449 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows USB Video Driver | CVE-2024-43637 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows USB Video Driver | CVE-2024-43634 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows USB Video Driver | CVE-2024-43638 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows VMSwitch | CVE-2024-43625 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability |
| Microsoft | Windows Win32 Kernel Subsystem | CVE-2024-49046 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43530
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Update Stack Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43530 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-43530 | CHEN QINGYANG with Topsec Alpha Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43499
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET and Visual Studio Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43499 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| .NET 9.0 installed on Linux | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
9.0.0 | Maybe | None |
| .NET 9.0 installed on Mac OS | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
9.0.0 | Maybe | None |
| .NET 9.0 installed on Windows | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
9.0.0 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
17.10.9 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
17.11.6 | Unknown | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
17.6.21 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
17.8.16 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-43499 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43602
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure CycleCloud Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.9/TemporalScore:8.6
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker with basic user permissions can send specially crafted requests to modify the configuration of an Azure CycleCloud cluster to gain Root level permissions enabling them to execute commands on any Azure CycleCloud cluster in the current instance and in some scenarios, compromise administrator credentials. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43602 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure CycleCloud 8.0.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.0.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.0.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.1.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.1.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.2.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.2.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.2.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.3.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.4.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.4.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.4.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.5.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.6.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.6.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.6.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.6.3 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| Azure CycleCloud 8.6.4 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.6.5 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-43602 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43623
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows NT OS Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43623 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43623 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43625
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. Is SCVMM (System Center Virtual Machine Manager) affected by this vulnerability? The vulnerability is confined to the VmSwitch component within Hyper-V. SCVMM (System Center Virtual Machine Manager) primarily functions as an orchestration layer and is not exploitable by this vulnerability itself. How could an attacker exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to send a specific series of networking requests to the VMswitch driver triggering a use after free vulnerability in the Hyper-V host which grants host privileges that could be used to perform arbitrary code execution. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Critical | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43625 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Critical | Elevation of Privilege | 5044285 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Critical | Elevation of Privilege | 5044285 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Critical | Elevation of Privilege | 5044285 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Critical | Elevation of Privilege | 5044285 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Critical | Elevation of Privilege | 5044284 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Critical | Elevation of Privilege | 5044284 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2022 | 5046616 (Security Update) | Critical | Elevation of Privilege | 5044281 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Critical | Elevation of Privilege | 5044281 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Critical | Elevation of Privilege | 5044288 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Critical | Elevation of Privilege | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Critical | Elevation of Privilege | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43625 | Henry Wang with Microsoft Offensive Research and Security Engineering (MORSE) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43626
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43626 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43626 | Chen Le Qi with STAR Labs SG Pte. Ltd.
mochizu with STAR Labs SG Pte. Ltd. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43627
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43627 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Remote Code Execution | 5044286 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Remote Code Execution | 5044286 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | 5044356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | 5044356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Remote Code Execution | 5044342 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Remote Code Execution | 5044342 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Remote Code Execution | 5044343 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Remote Code Execution | 5044343 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Remote Code Execution | 5044288 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43627 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43628
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43628 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Remote Code Execution | 5044286 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Remote Code Execution | 5044286 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | 5044356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | 5044356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Remote Code Execution | 5044342 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Remote Code Execution | 5044342 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Remote Code Execution | 5044343 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Remote Code Execution | 5044343 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Remote Code Execution | 5044288 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43628 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43630
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43630 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43630 | Anonymous RanchoIce |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43631
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43631 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43631 | Microsoft Offensive Research & Security Engineering (MORSE) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43634
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43634 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43634 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43637
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43637 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43637 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43638
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43638 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43638 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43643
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43643 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43643 | Adel from MSRC V&M |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43644
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Client-Side Caching Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43644 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43644 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43645
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploits this vulnerability could bypass Windows Defender Application Control (WDAC) enforcement. This could lead to the ability to run unauthorized applications on target systems. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43645 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Security Feature Bypass | 5044286 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Security Feature Bypass | 5044286 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Security Feature Bypass | 5044293 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Security Feature Bypass | 5044293 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Security Feature Bypass | 5044277 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Security Feature Bypass | 5044277 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Security Feature Bypass | 5044293 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Security Feature Bypass | 5044293 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Security Feature Bypass | 5044277 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Security Feature Bypass | 5044277 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-43645 | Jordan Geurten with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43646
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43646 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43646 | Microsoft Offensive Research & Security Engineering (MORSE) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43447
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows SMBv3 Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? To successfully exploit this vulnerability, an attacker would need to use a malicious SMB client to mount an attack against the SMB server. This exploit is only applicable to SMB over QUIC. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43447 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-43447 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43449
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43449 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43449 | Adel from MSRC V&M |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43450
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows DNS Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43450 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Spoofing | 5044356 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Spoofing | 5044356 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Spoofing | 5044342 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Spoofing | 5044342 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Spoofing | 5044343 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Spoofing | 5044343 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Spoofing | 5044293 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Spoofing | 5044293 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Spoofing | 5044277 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Spoofing | 5044277 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Spoofing | 5044281 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Spoofing | 5044281 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Spoofing | 5044288 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Spoofing | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | None | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Spoofing | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | None | |
| CVE ID | Acknowledgements |
| CVE-2024-43450 | Peng Zuo (zuopeng@cnnic.cn) Qian Wang (wangqian@cnnic.cn) Ming He (heming@cnnic.cn) Zhiwei Yanyan (zhiwei@cnnic.cn) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43451
MITRE NVD Issuing CNA: Microsoft |
CVE Title: NTLM Hash Disclosure Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.0
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability? This vulnerability discloses a user's NTLMv2 hash to the attacker who could use this to authenticate as the user. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing could trigger this vulnerability. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | Yes | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43451 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Spoofing | 5044286 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Spoofing | 5044286 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Spoofing | 5044293 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Spoofing | 5044293 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Spoofing | 5044277 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Spoofing | 5044277 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Spoofing | 5044273 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Spoofing | 5044273 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Spoofing | 5044273 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Spoofing | 5044273 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Spoofing | 5044273 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Spoofing | 5044273 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Spoofing | 5044285 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Spoofing | 5044285 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Spoofing | 5044285 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Spoofing | 5044285 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Spoofing | 5044284 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Spoofing | 5044284 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) 5046630 (IE Cumulative) |
Important | Spoofing | 5044320 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
6.0.6003.22966 1.001 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) 5046630 (IE Cumulative) |
Important | Spoofing | 5044320 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
6.0.6003.22966 1.001 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) 5046630 (IE Cumulative) |
Important | Spoofing | 5044320 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
6.0.6003.22966 1.001 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) 5046630 (IE Cumulative) |
Important | Spoofing | 5044320 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
6.0.6003.22966 1.001 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046630 (IE Cumulative) 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Spoofing | 5044356 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
1.001 6.1.7601.27415 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046630 (IE Cumulative) 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Spoofing | 5044356 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
1.001 6.1.7601.27415 |
Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Spoofing | 5044342 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Spoofing | 5044342 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046630 (IE Cumulative) 5046682 (Monthly Rollup) |
Important | Spoofing | 5044343 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
1.001 6.3.9600.22267 |
Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046630 (IE Cumulative) 5046682 (Monthly Rollup) |
Important | Spoofing | 5044343 |
Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
1.001 6.3.9600.22267 |
Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Spoofing | 5044293 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Spoofing | 5044293 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Spoofing | 5044277 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Spoofing | 5044277 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Spoofing | 5044281 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Spoofing | 5044281 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Spoofing | 5044288 | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Spoofing | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Spoofing | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43451 | Israel Yeshurun with ClearSky Cyber Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43452
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Registry Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to have a deep understanding of the system and the ability to manipulate its components to trigger a specific condition. Successful exploitation is not guaranteed and depends on a combination of factors that may include the environment, system configuration, and the presence of additional security measures. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability could be triggered when a windows client connects to a malicious remote share. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43452 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43452 | Mateusz Jurczyk with Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-38255
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38255 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-38255 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-38264
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.2
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38264 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Denial of Service | 5044285 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Denial of Service | 5044285 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Denial of Service | 5044285 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Denial of Service | 5044285 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5044284 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5044284 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Denial of Service | 5044288 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Denial of Service | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Denial of Service | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-38264 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-43459
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43459 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-43459 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-43462
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43462 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-43462 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-48994
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48994 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-48994 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-48995
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48995 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-48995 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-48996
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48996 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-48996 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-5535
MITRE NVD Issuing CNA: OpenSSL |
CVE Title: OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
CVSS: CVSS:3.1 Highest BaseScore:9.1/TemporalScore:9.1
Executive Summary: We are republishing this OpenSSL CVE to document that the latest version Microsoft Defender for Endpoint has been updated to protect against this OpenSSL library vulnerability. FAQ: How could an attacker exploit this vulnerability? Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N). Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-5535 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | openssl (CBL-Mariner) | Unknown | Unknown | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
3.3.0-2 | Unknown | None |
| Azure Linux 3.0 x64 | openssl (CBL-Mariner) | Unknown | Unknown | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
3.3.0-2 | Unknown | None |
| CBL Mariner 2.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
38.0.72.2-3 1.1.1k-35 |
None | ||
| CBL Mariner 2.0 x64 | openssl (CBL-Mariner) cloud-hypervisor-cvm (CBL-Mariner) |
Unknown | Unknown | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
1.1.1k-35 38.0.72.2-3 |
None | ||
| Microsoft Defender for Endpoint for Android | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
1.0.7001.0101 | No | None |
| Microsoft Defender for Endpoint for iOS | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
1.1.58140101 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-5535 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49040
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Exchange Server Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.7
Executive Summary: None FAQ: Is there additional information I need to know about or actions to perform after installing the update? Yes, please see the information available in Exchange Server non-RFC compliant P2 FROM header detection. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49040 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Exchange Server 2016 Cumulative Update 23 | 5044062 (Security Update) | Important | Spoofing | 5037224 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
15.01.2507.043 | Yes | None |
| Microsoft Exchange Server 2019 Cumulative Update 13 | 5044062 (Security Update) | Important | Spoofing | 5037224 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
15.02.1258.038 | Yes | None |
| Microsoft Exchange Server 2019 Cumulative Update 14 | 5044062 (Security Update) | Important | Spoofing | 5037224 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
15.02.1544.013 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-49040 | Slonser with Solidlab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-49043
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49043 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 15) | 5046862 (Security Update) | Important | Remote Code Execution | 5046059 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.4155.4 | Maybe | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5046861 (Security Update) | Important | Remote Code Execution | 5046057 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.1135.2 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49043 | CHEN QINGYANG with Topsec Alpha Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49044
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authenticated attacker could create a malicious extension and then wait for an authenticated user to create a new Visual Studio project that uses that extension. The result is that the attacker could gain the privileges of the user. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability? The performance can be interrupted and/or reduced, but the attacker cannot fully deny service. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49044 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
17.10.9 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
17.11.6 | Unknown | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
17.6.21 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
17.8.16 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49044 | Filip Dragović |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49046
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49046 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-49046 | Joe Bialek with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49049
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None FAQ: According to the CVSS metrics, the attack vector is local (AV:L) and privilege required is low (PR:L). What does that mean for this vulnerability? An attacker must have local access to the targeted machine and must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Moderate | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49049 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Visual Studio Code Remote - SSH Extension | Release Notes (Security Update) | Moderate | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
0.115.1 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49049 | Aleksandar Straumann with Meta Greg Prosser with Meta |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49056
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Airlift.microsoft.com Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network. FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability? This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Critical | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49056 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| airlift.microsoft.com | Critical | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49056 | Cameron Vincent with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43598
MITRE NVD Issuing CNA: Microsoft |
CVE Title: LightGBM Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43598 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| LightGBM | Releaase Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
4.6.0 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-43598 | Tian Yu (@0gur1). Submitted to Huntr by ProtectAI |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43498
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET and Visual Studio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to a vulnerable .NET webapp or by loading a specially crafted file into a vulnerable desktop app. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43498 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| .NET 9.0 installed on Linux | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.0 | Maybe | None |
| .NET 9.0 installed on Mac OS | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.0 | Maybe | None |
| .NET 9.0 installed on Windows | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.0 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.9 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.11.6 | Unknown | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.21 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.16 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-43498 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43620
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43620 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Remote Code Execution | 5044286 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Remote Code Execution | 5044286 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | 5044356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | 5044356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Remote Code Execution | 5044342 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Remote Code Execution | 5044342 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Remote Code Execution | 5044343 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Remote Code Execution | 5044343 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Remote Code Execution | 5044288 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43620 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43621
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43621 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Remote Code Execution | 5044286 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Remote Code Execution | 5044286 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | 5044356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | 5044356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Remote Code Execution | 5044342 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Remote Code Execution | 5044342 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Remote Code Execution | 5044343 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Remote Code Execution | 5044343 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Remote Code Execution | 5044288 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43621 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43622
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43622 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Remote Code Execution | 5044286 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Remote Code Execution | 5044286 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | 5044356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | 5044356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Remote Code Execution | 5044342 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Remote Code Execution | 5044342 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Remote Code Execution | 5044343 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Remote Code Execution | 5044343 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Remote Code Execution | 5044288 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43622 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43624
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How would an attacker exploit this vulnerability? This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43624 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43624 | D4m0n with CW Research Inc. nevul37 with CW Research Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43629
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43629 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43629 | Sergey Tarasov with Positive Technologies |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43633
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An attacker who successfully exploited this vulnerability could potentially execute a cross-VM attack, thereby compromising multiple virtual machines and expanding the impact of the attack beyond the initially targeted VM. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43633 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Denial of Service | 5044285 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Denial of Service | 5044285 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Denial of Service | 5044285 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Denial of Service | 5044285 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5044284 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5044284 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| CVE ID | Acknowledgements |
| CVE-2024-43633 | ChengBin Wang with ZheJiang Guoli Security Technology |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43635
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43635 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Remote Code Execution | 5044286 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Remote Code Execution | 5044286 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | 5044273 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | 5044285 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5044284 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | 5044320 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | 5044356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | 5044356 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Remote Code Execution | 5044342 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Remote Code Execution | 5044342 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Remote Code Execution | 5044343 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Remote Code Execution | 5044343 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Remote Code Execution | 5044293 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Remote Code Execution | 5044277 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | 5044281 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Remote Code Execution | 5044288 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43635 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43636
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43636 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43636 | Joe Bialek (Microsoft Offensive Research & Security Engineering) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43639
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43639 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Critical | Remote Code Execution | 5044342 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Critical | Remote Code Execution | 5044342 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Critical | Remote Code Execution | 5044343 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Critical | Remote Code Execution | 5044343 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Critical | Remote Code Execution | 5044293 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Critical | Remote Code Execution | 5044293 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Critical | Remote Code Execution | 5044277 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Critical | Remote Code Execution | 5044277 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Critical | Remote Code Execution | 5044281 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Critical | Remote Code Execution | 5044281 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Critical | Remote Code Execution | 5044288 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Critical | Remote Code Execution | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | None | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Critical | Remote Code Execution | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | None | |
| CVE ID | Acknowledgements |
| CVE-2024-43639 | Wei in Kunlun Lab with Cyber KunLun k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43640
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43640 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-43640 | Kam Reypour |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43641
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Registry Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43641 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43641 | Mateusz Jurczyk with Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43642
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows SMB Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43642 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Denial of Service | 5044285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Denial of Service | 5044285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Denial of Service | 5044285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Denial of Service | 5044285 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5044284 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5044284 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2022 | 5046616 (Security Update) | Important | Denial of Service | 5044281 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Denial of Service | 5044281 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Denial of Service | 5044288 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-43642 | Andrew Ruddick with Microsoft Red Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-38203
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Package Library Manager Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.2/TemporalScore:5.4
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38203 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Information Disclosure | 5044286 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Information Disclosure | 5044286 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Information Disclosure | 5044293 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Information Disclosure | 5044293 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Information Disclosure | 5044277 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Information Disclosure | 5044277 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Information Disclosure | 5044273 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Information Disclosure | 5044273 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Information Disclosure | 5044273 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Information Disclosure | 5044273 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Information Disclosure | 5044273 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Information Disclosure | 5044273 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Information Disclosure | 5044285 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Information Disclosure | 5044285 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Information Disclosure | 5044285 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Information Disclosure | 5044285 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5044284 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5044284 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Information Disclosure | 5044320 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Information Disclosure | 5044320 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Information Disclosure | 5044320 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Information Disclosure | 5044320 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Information Disclosure | 5044356 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Information Disclosure | 5044356 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Information Disclosure | 5044342 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Information Disclosure | 5044342 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Information Disclosure | 5044343 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Information Disclosure | 5044343 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Information Disclosure | 5044293 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Information Disclosure | 5044293 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Information Disclosure | 5044277 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Information Disclosure | 5044277 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Information Disclosure | 5044281 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Information Disclosure | 5044281 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Information Disclosure | 5044288 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Information Disclosure | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Information Disclosure | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-38203 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-48993
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48993 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-48993 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-48997
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48997 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-48997 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-48998
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48998 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-48998 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-48999
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48999 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-48999 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-49000
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49000 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49000 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-49001
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49001 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49001 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-49002
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49002 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49002 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-49003
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49003 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49003 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-49004
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49004 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49004 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-49005
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49005 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49005 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-49007
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49007 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49007 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-49006
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49006 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49006 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49008
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49008 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49008 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49009
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49009 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49009 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49010
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49010 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49010 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49011
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49011 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49011 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49012
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49012 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49012 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49013
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49013 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49013 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49014
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49014 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49014 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49015
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49015 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49015 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49016
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49016 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49016 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49017
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49017 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49017 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49018
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49018 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49018 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49019
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Active Directory Certificate Services Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. What types of certificates are vulnerable to this type of attack? Certificates created using a version 1 certificate template with Source of subject name set to "Supplied in the request" are potentially vulnerable if the template is not secured according to the best practices published in the Securing Certificate Templates section of Securing PKI: Technical Controls for Securing PKI | Microsoft Learn. How do I know if my PKI environment is vulnerable to this type of attack? Check if you have published any certificates created using a version 1 certificate template where the Source of subject name is set to "Supplied in the request" and the Enroll permissions are granted to a broader set of accounts, such as domain users or domain computers. An example is the built-in Web Server template, but it is not vulnerable by default due to its restricted Enroll permissions. Mitigations: The following are several recommendations to consider in order to secure certificate templates: 1. Remove Overly Broad Enroll or Autoenroll Permissions - Avoid granting overly broad enrollment permissions for certificates. Instead, carefully consider which accounts need permissions, and explicitly deny enrollment rights for users or groups of users that should not be eligible for enrollment. 2. Remove Unused Templates from Certification Authorities - several templates are included as part of the installation of an enterprise CA. If those templates are not required, they should be removed. 3. Secure Templates that Allow You to Specify the Subject in the Request:
More details on securing certificate templates can be found in this following documentation: Securing PKI: Technical Controls for Securing PKI | Microsoft Learn. Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49019 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | 5044320 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22966 |
Yes | 5046661 5046639 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | 5044356 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27415 | Yes | None |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | 5044342 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25165 | Yes | None |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | 5044343 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22267 | Yes | None |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | None | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49019 | Justin Bollinger with TrustedSec Scot Berner with TrustedSec Lou Scicchitano with TrustedSec |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49021
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49021 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.6455.2 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | 5046063 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
13.0.7050.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | 5046061 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.3485.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | 5046058 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
14.0.2070.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | 5046365 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.4410.1 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | 5046056 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.0.2130.3 | Maybe | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 15) | 5046862 (Security Update) | Important | Remote Code Execution | 5046059 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.4155.4 | Maybe | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5046861 (Security Update) | Important | Remote Code Execution | 5046057 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.1135.2 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49021 | CHEN QINGYANG with Topsec Alpha Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49026
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49026 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions | 5002653 (Security Update) | Important | Remote Code Execution | 5002643 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1001 | Maybe | None |
| Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions | 5002653 (Security Update) | Important | Remote Code Execution | 5002643 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1001 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office Online Server | 5002648 (Security Update) | Important | Remote Code Execution | 5002601 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10416.20007 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49026 | Orange Tsai (@orange_8361) with DEVCORE splitline (@_splitline_) with DEVCORE |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49027
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49027 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Excel 2016 (32-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | 5002643 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1001 | Maybe | None |
| Microsoft Excel 2016 (64-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | 5002643 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1001 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49027 | 0x140ce |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49028
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49028 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Excel 2016 (32-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | 5002643 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1001 | Maybe | None |
| Microsoft Excel 2016 (64-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | 5002643 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1001 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49028 | Li Shuang and willJ with vulnerability research institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49029
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49029 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Excel 2016 (32-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | 5002643 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1001 | Maybe | None |
| Microsoft Excel 2016 (64-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | 5002643 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1001 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49029 | Li Shuang and willJ with vulnerability research institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49030
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49030 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Excel 2016 (32-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | 5002643 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1001 | Maybe | None |
| Microsoft Excel 2016 (64-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | 5002643 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1001 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49030 | Li Shuang and willJ with vulnerability research institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49031
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Graphics Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49031 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2016 (32-bit edition) | 5002642 (Security Update) | Important | Remote Code Execution | 5002625 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1000 | Maybe | None |
| Microsoft Office 2016 (64-bit edition) | 5002642 (Security Update) | Important | Remote Code Execution | 5002625 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1000 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49031 | Li Shuang and willJ with vulnerability research institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49032
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Graphics Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49032 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2016 (32-bit edition) | 5002642 (Security Update) | Important | Remote Code Execution | 5002625 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1000 | Maybe | None |
| Microsoft Office 2016 (64-bit edition) | 5002642 (Security Update) | Important | Remote Code Execution | 5002625 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1000 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49032 | Anonymous with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49033
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Word Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? This vulnerability could allow an attacker to bypass specific functionality of the Office Protected View. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted Word file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to open the file, typically by way of an enticement in an email or instant message. Then the attacker must convince the victim to open the malicious file. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49033 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.91.24111020 | Maybe | None |
| Microsoft Word 2016 (32-bit edition) | 5002619 (Security Update) | Important | Security Feature Bypass | 5002542 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1000 | Maybe | None |
| Microsoft Word 2016 (64-bit edition) | 5002619 (Security Update) | Important | Security Feature Bypass | 5002542 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5474.1000 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49033 | Felix Boulet |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49039
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Task Scheduler Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.2
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application on the target system exploit the vulnerability to elevate their privileges to a Medium Integrity Level. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49039 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | 5044286 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.10240.20826 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.5131 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | 5044273 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.5131 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | 5044285 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22631.4460 |
Yes | 5046633 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5044284 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | 5044293 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.7515 | Yes | None |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | 5044277 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.6532 | Yes | None |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | 5044281 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.20348.2849 | Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | 5044288 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.25398.1251 | Yes | None |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.26100.2314 10.0.26100.2240 |
Yes | 5046617 | |
| CVE ID | Acknowledgements |
| CVE-2024-49039 | Anonymous Vlad Stolyarov and Bahare Sabouri of Google's Threat Analysis Group Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49048
MITRE NVD Issuing CNA: Microsoft |
CVE Title: TorchGeo Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49048 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft TorchGeo | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
0.6.1 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49048 | Peng Zhou (zpbrent) with Shanghai University |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49050
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Code Python Extension Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49050 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Python extension for Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2024.18.2 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49050 | Felix Boulet |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49051
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft PC Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker would be able to delete any system files. How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49051 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft PC Manager | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.14.10.0 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49051 | BochengXiang(@Crispr) with FDU |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2024-10826
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-10826 Use after free in Family Experiences
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 07-Nov-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-10826 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
130.0.2849.80 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-10826 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2024-10827
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-10827 Use after free in Serial
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 07-Nov-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-10827 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
130.0.2849.80 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-10827 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| ADV240001
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Defense in Depth Update
CVSS: None Executive Summary: Microsoft has released an security update for Microsoft SharePoint Server. The update provides a defense in depth enhancement regarding redirections. FAQ: Why is this advisory published to the Security Updates Guide Vulnerabilities tab instead of the Advisories tab? We are publishing this advisory to the Security Update Guide's Vulnerabilities tab to document the related defense in depth security updates in the Deployments tab. Generally advisories do not contain security updates. However Microsoft Engineering elected to provide them to ensure customers could ensure they are protected. Please reference the Security Updates table or the Deployments tab to find the security update for related to your product. Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. |
None | Defense in Depth |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| ADV240001 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002654 (Security Update) | None | Defense in Depth | 5002645 | Base: N/A Temporal: N/A Vector: N/A |
16.0.5474.1001 | Yes | None |
| Microsoft SharePoint Server 2019 | 5002650 (Security Update) | None | Defense in Depth | 5002647 | Base: N/A Temporal: N/A Vector: N/A |
16.0.10416.20000 | Yes | None |
| Microsoft SharePoint Server Subscription Edition | 5002651 (Security Update) | None | Defense in Depth | 5002649 | Base: N/A Temporal: N/A Vector: N/A |
16.0.17928.20238 | Maybe | None |
| CVE ID | Acknowledgements |
| ADV240001 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-6237
MITRE NVD Issuing CNA: openssl-security@openssl.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 25-Apr-24 Information published. 1.0 30-Jun-24 Information published. 1.0 13-Jul-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 01-Nov-24 Added cloud-hypervisor-cvm to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 Added cloud-hypervisor-cvm to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added openssl to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-6237 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) nodejs (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
38.0.72.2-1 20.14.0-1 3.3.0-1 |
None | ||
| Azure Linux 3.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) nodejs (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
38.0.72.2-1 20.14.0-1 3.3.0-1 |
None | ||
| CBL Mariner 2.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
38.0.72.2-1 18.20.2-1 |
None | ||
| CBL Mariner 2.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
38.0.72.2-1 18.20.2-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-6237 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-49582
MITRE NVD Issuing CNA: security@apache.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01-Nov-24 Information published. 2.0 09-Nov-24 Added apr to Azure Linux 3.0 Added apr to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-49582 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | apr (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.7.5-1 | Unknown | None |
| Azure Linux 3.0 x64 | apr (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.7.5-1 | Unknown | None |
| CBL Mariner 2.0 ARM | apr (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.7.5-1 | Unknown | None |
| CBL Mariner 2.0 x64 | apr (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.7.5-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-49582 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-38588
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38588 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.167.1-2 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.167.1-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-38588 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-38381
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 15-Oct-24 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 3.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38381 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
6.6.51.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
6.6.51.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
5.15.167.1-2 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
5.15.167.1-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-38381 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-42228
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:7.0
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Aug-24 Information published. 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42228 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.167.1-2 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.167.1-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-42228 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-8006
MITRE NVD Issuing CNA: security@tcpdump.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.4/TemporalScore:4.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01-Nov-24 Information published. 2.0 09-Nov-24 Added libpcap to Azure Linux 3.0 Added libpcap to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-8006 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | libpcap (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
1.10.5-1 | Unknown | None |
| Azure Linux 3.0 x64 | libpcap (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
1.10.5-1 | Unknown | None |
| CBL Mariner 2.0 ARM | libpcap (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
1.10.1-3 | Unknown | None |
| CBL Mariner 2.0 x64 | libpcap (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
1.10.1-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-8006 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-24786
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 08-Mar-24 Information published. 2.0 01-Apr-24 Added node-problem-detector to CBL-Mariner 2.0 1.0 30-Jun-24 Information published. 1.0 02-Jul-24 Information published. 1.0 10-Jul-24 Information published. 1.0 16-Aug-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 27-Aug-24 Information published. 1.0 28-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 13-Sep-24 Information published. 1.0 12-Oct-24 Information published. 3.0 16-Oct-24 Added prometheus to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.0 01-Nov-24 Added kubernetes to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.0 08-Nov-24 Added azcopy to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-24786 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) cri-tools (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.24.0-1 2.3.0-1 1.12.12-1 1.30.1-1 |
None | ||
| Azure Linux 3.0 x64 | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) cri-tools (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.24.0-1 2.3.0-1 1.12.12-1 1.30.1-1 |
None | ||
| CBL Mariner 2.0 ARM | azcopy (CBL-Mariner) cert-manager (CBL-Mariner) kubernetes (CBL-Mariner) kubevirt (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.24.0-1 1.11.2-15 1.28.4-12 0.59.0-18 |
None | ||
| CBL Mariner 2.0 x64 | azcopy (CBL-Mariner) cert-manager (CBL-Mariner) kubernetes (CBL-Mariner) kubevirt (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.24.0-1 1.11.2-15 1.28.4-12 0.59.0-18 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-24786 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-32149
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 08-Nov-23 Information published. 2.0 24-Jan-24 Added sriov-network-device-plugin to CBL-Mariner 2.0 1.0 30-Jun-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 13-Sep-24 Information published. 1.0 19-Sep-24 Information published. 1.0 20-Sep-24 Information published. 1.0 21-Sep-24 Information published. 1.0 22-Sep-24 Information published. 1.0 23-Sep-24 Information published. 1.0 24-Sep-24 Information published. 1.0 25-Sep-24 Information published. 1.0 26-Sep-24 Information published. 1.0 27-Sep-24 Information published. 1.0 28-Sep-24 Information published. 1.0 29-Sep-24 Information published. 1.0 30-Sep-24 Information published. 1.0 01-Oct-24 Information published. 1.0 02-Oct-24 Information published. 1.0 03-Oct-24 Information published. 1.0 04-Oct-24 Information published. 1.0 05-Oct-24 Information published. 1.0 06-Oct-24 Information published. 1.0 07-Oct-24 Information published. 1.0 08-Oct-24 Information published. 1.0 09-Oct-24 Information published. 1.0 11-Oct-24 Information published. 1.0 12-Oct-24 Information published. 1.0 13-Oct-24 Information published. 1.0 14-Oct-24 Information published. 3.0 15-Oct-24 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 4.0 16-Oct-24 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 5.0 17-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.0 18-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.0 19-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.0 20-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.0 21-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.0 22-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.0 23-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.0 24-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 13.0 25-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 14.0 26-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 15.0 27-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 16.0 28-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 17.0 29-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 18.0 30-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 19.0 31-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 20.0 01-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 21.0 02-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 22.0 04-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 23.0 05-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 24.0 06-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 25.0 07-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 26.0 08-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 27.0 09-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 28.0 10-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 29.0 11-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 30.0 12-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-32149 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cni (CBL-Mariner) keda (CBL-Mariner) kubevirt (CBL-Mariner) multus (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.1.2-3 2.14.0-1 1.2.0-1 4.0.2-1 |
None | ||
| Azure Linux 3.0 x64 | cni (CBL-Mariner) keda (CBL-Mariner) kubevirt (CBL-Mariner) multus (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.1.2-3 2.14.0-1 1.2.0-1 4.0.2-1 |
None | ||
| CBL Mariner 2.0 ARM | application-gateway-kubernetes-ingress (CBL-Mariner) cf-cli (CBL-Mariner) containerized-data-importer (CBL-Mariner) gh (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.4.0-23 8.4.0-21 1.55.0-21 2.13.0-22 |
None | ||
| CBL Mariner 2.0 x64 | application-gateway-kubernetes-ingress (CBL-Mariner) cf-cli (CBL-Mariner) containerized-data-importer (CBL-Mariner) gh (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.4.0-23 8.4.0-21 1.55.0-21 2.13.0-22 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2022-32149 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-41098
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Aug-24 Information published. 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-41098 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-2 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-41098 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-43853
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43853 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.47.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.47.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-2 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-43853 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-8927
MITRE NVD Issuing CNA: security@php.net |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01-Nov-24 Information published. 2.0 09-Nov-24 Added php to Azure Linux 3.0 Added php to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-8927 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
8.3.12-1 | Unknown | None |
| Azure Linux 3.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
8.3.12-1 | Unknown | None |
| CBL Mariner 2.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
8.1.30-1 | Unknown | None |
| CBL Mariner 2.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
8.1.30-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-8927 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-46863
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 3.0 09-Nov-24 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46863 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-2 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-46863 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-28182
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jun-24 Information published. 1.0 10-Jul-24 Information published. 1.0 16-Aug-24 Information published. 1.0 17-Aug-24 Information published. 1.0 18-Aug-24 Information published. 1.0 19-Aug-24 Information published. 1.0 20-Aug-24 Information published. 1.0 21-Aug-24 Information published. 1.0 22-Aug-24 Information published. 1.0 23-Aug-24 Information published. 1.0 24-Aug-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 27-Aug-24 Information published. 1.0 28-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 22-Oct-24 Added fluent-bit to Azure Linux 3.0 Added nghttp2 to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added nodejs18 to CBL-Mariner 2.0 3.0 01-Nov-24 Added nghttp2 to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 Added fluent-bit to Azure Linux 3.0 Added nghttp2 to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-28182 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | fluent-bit (CBL-Mariner) nghttp2 (CBL-Mariner) nodejs (CBL-Mariner) |
Unknown | Unknown | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.0.6-1 1.61.0-1 20.14.0-1 |
None | ||
| Azure Linux 3.0 x64 | fluent-bit (CBL-Mariner) nghttp2 (CBL-Mariner) nodejs (CBL-Mariner) |
Unknown | Unknown | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.0.6-1 1.61.0-1 20.14.0-1 |
None | ||
| CBL Mariner 2.0 ARM | nghttp2 (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
1.57.0-2 18.20.3-1 |
None | ||
| CBL Mariner 2.0 x64 | nghttp2 (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
1.57.0-2 18.20.3-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-28182 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-31228
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31228 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | redis (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.2.16-1 | Unknown | None |
| CBL Mariner 2.0 x64 | redis (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.2.16-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31228 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-31449
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:7.0
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Oct-24 Information published. 2.0 01-Nov-24 Added redis to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31449 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | redis (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.2.16-1 | Unknown | None |
| CBL Mariner 2.0 x64 | redis (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.2.16-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31449 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-27282
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:6.6
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-May-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 27-Aug-24 Information published. 1.0 28-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 01-Nov-24 Added ruby to CBL-Mariner 2.0 Added ruby to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27282 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | ruby (CBL-Mariner) | Unknown | Unknown | None | Base: 6.6 Temporal: 6.6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L |
3.3.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | ruby (CBL-Mariner) | Unknown | Unknown | None | Base: 6.6 Temporal: 6.6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L |
3.3.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | ruby (CBL-Mariner) | Unknown | Unknown | None | Base: 6.6 Temporal: 6.6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L |
3.1.4-5 | Unknown | None |
| CBL Mariner 2.0 x64 | ruby (CBL-Mariner) | Unknown | Unknown | None | Base: 6.6 Temporal: 6.6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L |
3.1.4-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-27282 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-31951
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 05-Nov-24 Added frr to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31951 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | frr (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
8.5.5-2 | Unknown | None |
| CBL Mariner 2.0 x64 | frr (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
8.5.5-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31951 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-32607
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.7/TemporalScore:5.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-May-24 Information published. 1.0 30-Jun-24 Information published. 2.0 06-Nov-24 Added hdf5 to CBL-Mariner 2.0 Added hdf5 to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32607 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32607 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-27435
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 07-Nov-24 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27435 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-27435 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-27037
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jun-24 Information published. 2.0 08-Nov-24 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27037 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.29.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.29.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-27037 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-30203
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jun-24 Information published. 2.0 08-Nov-24 Added emacs to CBL-Mariner 2.0 Added emacs to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-30203 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | emacs (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
29.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | emacs (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
29.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | emacs (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
29.3-1 | Unknown | None |
| CBL Mariner 2.0 x64 | emacs (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
29.3-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-30203 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-26950
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 08-Nov-24 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26950 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26950 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-45866
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.3/TemporalScore:6.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 21-Dec-23 Information published. 2.0 09-Nov-24 Added bluez to Azure Linux 3.0 Added bluez to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-45866 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | bluez (CBL-Mariner) | Unknown | Unknown | None | Base: 6.3 Temporal: 6.3 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
5.63-6 | Unknown | None |
| Azure Linux 3.0 x64 | bluez (CBL-Mariner) | Unknown | Unknown | None | Base: 6.3 Temporal: 6.3 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
5.63-6 | Unknown | None |
| CBL Mariner 2.0 ARM | bluez (CBL-Mariner) | Unknown | Unknown | None | Base: 6.3 Temporal: 6.3 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
5.63-5 | Unknown | None |
| CBL Mariner 2.0 x64 | bluez (CBL-Mariner) | Unknown | Unknown | None | Base: 6.3 Temporal: 6.3 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
5.63-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-45866 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-1981
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-1981 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | avahi (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
0.8-3 | Unknown | None |
| Azure Linux 3.0 x64 | avahi (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
0.8-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-1981 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-50602
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50602 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | expat (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.6.3-2 | Unknown | None |
| Azure Linux 3.0 x64 | expat (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.6.3-2 | Unknown | None |
| CBL Mariner 2.0 ARM | expat (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.6.3-2 | Unknown | None |
| CBL Mariner 2.0 x64 | expat (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.6.3-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-50602 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-2410
MITRE NVD Issuing CNA: cve-coordination@google.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.6/TemporalScore:7.6
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-2410 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 7.6 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
8.0.40-2 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 7.6 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
8.0.40-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-2410 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-28835
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.0/TemporalScore:5.0
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-28835 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | gnutls (CBL-Mariner) | Unknown | Unknown | None | Base: 5.0 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
3.8.3-2 | Unknown | None |
| Azure Linux 3.0 x64 | gnutls (CBL-Mariner) | Unknown | Unknown | None | Base: 5.0 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
3.8.3-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-28835 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-28834
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-28834 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | gnutls (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
3.8.3-2 | Unknown | None |
| Azure Linux 3.0 x64 | gnutls (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
3.8.3-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-28834 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-48161
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Oct-24 Information published. 2.0 09-Nov-24 Added giflib to Azure Linux 3.0 Added giflib to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-48161 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | giflib (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
5.2.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | giflib (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
5.2.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | giflib (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
5.2.1-7 | Unknown | None |
| CBL Mariner 2.0 x64 | giflib (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
5.2.1-7 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-48161 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-27028
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 09-Nov-24 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27028 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
6.6.35.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
6.6.35.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-27028 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-52917
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-52917 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-52917 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-26596
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26596 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.57.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.57.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26596 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-27012
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27012 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.57.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.57.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-27012 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-46853
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46853 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-46853 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-46854
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46854 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-46854 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-46852
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46852 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-46852 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-46861
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46861 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-46861 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-46860
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46860 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-46860 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47670
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47670 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47670 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-46864
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46864 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-46864 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47679
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47679 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47679 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47675
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47675 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47675 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47678
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47678 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47678 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47686
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47686 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47686 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47685
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:9.1/TemporalScore:9.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47685 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47685 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47688
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47688 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47688 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47693
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47693 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47693 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47695
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47695 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47695 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47696
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47696 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47696 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47705
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47705 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47705 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47701
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47701 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47701 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47704
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47704 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47704 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47706
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47706 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47706 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47712
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47712 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47712 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | |||||||||||||||||||
| CVE-2024-47714
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
| |||||||||||||||||||||